When Data Security Isn’t Yes or No - Jennifer Fite - Guardians of the Data - Episode #24
How do you secure data when access isn’t binary?
In this episode, host Ward Balcerzak sits down with Jennifer Fite, Principal Consultant on the Data Risk Management team at Trace3, to unpack the real-world challenges organizations face when trying to protect sensitive data in today’s cloud-first, integration-heavy environments.
Jen shares why supply chain breaches have become one of the fastest-growing data security threats and why focusing solely on AI misses the bigger picture. As organizations move from on-prem infrastructure to sprawling cloud ecosystems, security teams are losing visibility into where data lives, who’s accessing it, and how it’s being used. Jen emphasizes a recurring theme: data security is contextual, not binary. Unlike traditional security controls, protecting data requires understanding business intent, user behavior, and downstream data usage, all of which can change over time.
Takeaways:
- Harden Internal Data Security Practices: Focus on protecting data at rest, minimizing unnecessary data proliferation, and ensuring robust internal controls regardless of external integrations.
- Implement User Behavior Analytics: Establish monitoring to understand normal user behavior and detect anomalies. This helps identify potential breaches, especially when attackers use legitimate credentials.
- Know Your Data Estate: Maintain visibility into where sensitive data is stored, who has access, and how it is used. Regularly update your data inventory and access controls.
- Establish Data Ownership and Accountability: Assign clear data owners who understand and can authorize access and usage. Ensure business justification for all data access and regularly review permissions.
- Start with Immediate, Practical Steps: If resources are limited, address the most critical gaps first (e.g., implement basic classification and access policies), then build toward a more comprehensive data security program.
- Regularly Review and Adjust Access: Continuously re-evaluate who has access to what data, ensuring permissions are still necessary and appropriate, and remove access when it is no longer needed.
Quote of the Show:
- “ I don't wanna say no, but because it depends, I have to sit with that person and understand what they're doing so we can create the safe right way to do that thing.” - Jennifer Fite
Links:
- LinkedIn: https://www.linkedin.com/in/jenfitephd/
- Website: https://www.trace3.com/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
