Data security has become a top priority for all sectors, but the majority of decision makers have not yet adjusted to this new reality, according to EMC security practice lead Mat Allen. He appeared on theCUBE at the recently concluded MIT ECIR Workshop to share his firsthand insights about the enterprise threat landscape with Wikibon’s Dave Vellante and Stu Miniman.

Protecting data from loss and unauthorized access has always been central to IT, but only now are business and policy leaders coming to realize that an insecure network exposes their organizations to a tremendous amount of liability. Allen reports that the stakes have never been higher, with state-sponsored attacks on private companies adding a geopolitical element to cybercrime.

The increased focus on cybersecurity is driving a cross-industry transition from traditional network-centric models to new architectures that provide security at the data layer. While Allen disagrees with the view that the latter approach will take over completely, he nonetheless considers this shift encouraging:

“I think the idea that you’re securing data gives me better confidence that, to your point, we migrated away from sort of the garage days and into a formal environment where we’re addressing the root cause of the issue,” Allen tells Miniman. “The root cause is the data. For lack of a better way to put it, why do they rob a bank? That’s where the money is. Why do you attack a company’s infrastructure? That’s where the data is.”

The executive sees this trend gaining more momentum in the next two years, especially as enterprises move more of their processes off-premises. At present, most companies are still coming to terms with the massive volumes of data that pass through the firewall in both directions. Allen says that the cloud presents a different set of challenges to CIOs, but the fundamentals are the same: reduce data breach exposure and minimize the risk of compromise.

This growing emphasis on security is raising data privacy awareness in the public policy arena. Allen predicts more regulations for managing information will be implemented over time, which will require “striking a balance where the regulatory bodies give guidance as it relates to what we don’t want people doing and/or behaviors we want to prevent, rather than dictating the terms of how they do business.” He continues, “I know it sounds like a nuance, and it sounds like a debate of semantics, but the reality is we want them acting very much like Adam Smith’s invisible hand: guide the marketplace where it needs to go, don’t be prescriptive at a detailed level – the marketplace will figure that part out.”

Organizations are increasingly adopting modern technologies for fending off attacks, but vendors like EMC still have to find “creative ways” to secure legacy systems, Allen points out. He concludes the interview by highlighting that negligence and disgruntled employees often pose a greater hacking risk than external attacks, but companies are doing little to combat internal security threats.

To hear the full interview, click on the video below.