安全的未來：資料和身分是同一枚硬幣的兩面

我們的世界繼續以資料為中心，這就是為什麼不斷發展的安全狀況需要新的流程和技術來保護資料。

Our world continues to revolve around data – and that’s why the evolving security landscape demands new processes and technologies to secure it.

我們的世界繼續以資料為中心，這就是為什麼不斷發展的安全狀況需要新的流程和技術來保護資料。

By 2025 the global dataverse will reach a massive 181 zettabytes. While this explosion will undoubtedly lead to unprecedented opportunities for business, it also amplifies the risk factors – particularly when it comes to protecting business-critical data.

到 2025 年，全球資料空間將達到 181 ZB。雖然這種爆炸性成長無疑將為企業帶來前所未有的機遇，但它也放大了風險因素——尤其是在保護關鍵業務數據方面。

One security challenge stands out: identity. After all, we must make data accessible to business stakeholders, whether internal, or third-party, for it to get used to enter new markets, analyze customer insights, and develop new products to outpace the competition.

一項突出的安全挑戰是：身分。畢竟，我們必須讓業務利害關係人（無論是內部利害關係人還是第三方）能夠存取數據，以便利用數據進入新市場、分析客戶洞察並開發新產品以超越競爭對手。

In the age of AI, where 72% of teams say they are already leveraging some form of AI services at work, the lines between data and identity security are starting blur more than ever.

在人工智慧時代，72% 的團隊表示他們已經在工作中利用某種形式的人工智慧服務，資料和身分安全之間的界線開始比以往任何時候都更加模糊。

Think about an enterprise Co-Pilot, like Microsoft Co-Pilot or Glean. Those of us in the industry refer to these as non-human identities (NHI). These apps let employees quickly and efficiently find the information they are looking for across Microsoft 365, Google Drive, Box, Confluence, Notion, and many other platforms. However, the ability to do so securely depends on the native permissions in these platforms.

考慮企業 Co-Pilot，例如 Microsoft Co-Pilot 或 Glean。我們業內人士將這些稱為非人類身分 (NHI)。這些應用程式可讓員工在 Microsoft 365、Google Drive、Box、Confluence、Notion 和許多其他平台上快速且有效率地找到所需的資訊。然而，安全地執行此操作的能力取決於這些平台中的本機權限。

So why we are only now discussing the need to align data and identity. To me, it’s a simple answer: few security vendors in the market address this convergence effectively. This forced security teams to manually stitch together disparate processes and tools on their own. Data discovery and classification tools of the past struggled with speed, the ability to support hybrid environments, and had poor precision – which led to false positives, and weakened data security posture.

那為什麼我們現在才討論調整數據和身分的必要性。對我來說，這是一個簡單的答案：市場上很少有安全供應商能夠有效解決這種整合問題。這迫使安全團隊自己手動將不同的流程和工具拼接在一起。過去的資料發現和分類工具在速度、支援混合環境的能力方面存在困難，且精確度較差，導致誤報並削弱資料安全態勢。

But technology was not the only factor. Siloed internal security processes, disparate organizations, and a lack of communication across these teams also played an important role. Data was left to the data security team. Identity was left to the identity management team.

但技術並不是唯一的因素。孤立的內部安全流程、不同的組織以及這些團隊之間缺乏溝通也發揮了重要作用。數據留給了資料安全團隊。身分留給身分管理團隊。

Moving forward, the days of viewing data and identity as distinct entities are numbered. These two sides of the same coin must be integrated more closely than ever before. Data security teams are asking where their sensitive data resides and who has access to it, and identity teams are asking if this user should have access to this data. This helps make it simpler for security teams to align data security with identity management, and helps foster the zero-trust principle of minimizing over-privileged access.

展望未來，將資料和身分視為不同實體的日子已經屈指可數了。同一枚硬幣的兩面必須比以往更加緊密地結合在一起。資料安全團隊詢問他們的敏感資料駐留在哪裡以及誰有權存取這些數據，而身分團隊則詢問該使用者是否應該有權存取這些資料。這有助於安全團隊更輕鬆地將資料安全與身分管理結合起來，並有助於促進最大限度地減少過度特權存取的零信任原則。

Data security programs must work to include identity access management, and identity access management programs must work to include data security. We don’t have to make this difficult: Security teams need to know where their sensitive data resides and who or what has access to that data. And, identity managers need to know what identities are operating within their environment, and then, under what context.

資料安全計畫必須包括身分存取管理，而身分存取管理計畫必須包括資料安全性。我們不必讓這變得困難：安全團隊需要知道他們的敏感資料駐留在哪裡以及誰或什麼可以存取該資料。而且，身分管理者需要知道哪些身分在其環境中運行，以及在什麼脈絡中運作。

When speaking with CISOs about this, I like to use what we call “The OneDrive” scenario. Consider the security implications if a service like OneDrive were compromised for the company’s top 20 executives:

當與 CISO 談論這個問題時，我喜歡使用我們所說的「OneDrive」場景。想想如果像 OneDrive 這樣的服務對公司的 20 名最高管理人員來說受到損害，會產生哪些安全影響：

In 99% of cases, nobody knows. It’s critical that organizations can quickly discover and classify their data across all of their environments, understand who and what – both human and non-human identities – have access to sensitive data – as well as remediate unnecessary access.

99%的情況下，沒有人知道。至關重要的是，組織可以在所有環境中快速發現數據並對其進行分類，了解誰和什麼（人類和非人類身份）可以存取敏感數據，並糾正不必要的存取。

The inability for most to respond to these questions underscores the importance of understanding the interconnectedness of data and identity. By getting this right, the time to value becomes immediate. Teams can minimize overprivileged access to align with zero-trust principles of data access. They can safely adopt AI without increasing business risk.

大多數人無法回答這些問題，這凸顯了理解數據和身分相互關聯性的重要性。透過正確處理這一點，實現價值的時間就會變得立竿見影。團隊可以最大限度地減少特權訪問，以符合資料存取的零信任原則。他們可以安全地採用人工智慧，而不會增加業務風險。

The future of security lies in a unified approach that treats data and identity as two sides of the same coin. It takes co-evolution – the process of continuing to evolve together. Only such as unified approach will let us adopt AI securely. Security teams that do this well will win the hearts and minds of the businesses.

安全的未來在於採用統一的方法，將資料和身分視為同一枚硬幣的兩面。它需要共同演化──持續共同演化的過程。只有這樣統一的方法才能讓我們安全地採用人工智慧。做得好的安全團隊將贏得企業的青睞。