Week after week, we\u2019ve gotten used to news media reports about ever-more jaw-dropping data breaches. The breach at the credit reporting firm\u00a0Equifax\u00a0is just the latest, and so far highest-profile reminder that more than 5 million personal records are\u00a0lost or stolen\u00a0every day. Each breach\u00a0costs companies\u00a0on average $3.6 million. CEOs have lost their jobs and\u00a0reputations, and CSOs wake up each morning dreading the news that personal customer data is in the hands of hackers.\nIt wasn\u2019t always like this. Twenty years ago, cyber-related threats barely cracked the top 10 security threats\u00a0facing U.S. companies, let alone data-specific threats. And historically, a company\u2019s primary concern about its data related to governance and compliance, not security.\nWhen I recently asked the VP of IT security for a Fortune 1000 company what his approach to data security was, his response was simply \u201cI wish I knew; it\u2019s not my job. It\u2019s critically important for us to be engaged, but I only get informed after the fact.\u201d\nSuch responses are depressingly common in an industry that is only just grasping the full impact of data security on their business.\nThis is the first of a series of posts in which I explore \u201cdata friction\u201d that results when security constraints inhibit the ability to satisfy the data needs of the business.\nThe Growing Value of Data\nIn today\u2019s software economy, data has become one of a company\u2019s most important assets. Consumers expect personalized experiences that businesses can only deliver by gathering, analyzing, and managing data at scale. That data can be used to drive new insights, decisions, and strategies throughout the business.\nThe imperative to collect and store more information about customers creates a feedback loop that\u2019s not always virtuous. Data is stored in more places than ever before, and it contains more personal information than ever before. Both sides of the business equation derive potential benefits: Companies offer a better experience, and sell more products or services; Customers are more loyal and\/or engaged, and then buy more of those products and services.\nAnd while overall, this creates a greater value for businesses and customers alike, it also creates a more target-rich environment for an attacker. Protecting that data is more complex than ever before.\nThe old standard practice of \u201csecuring the edge\u201d by using corporate firewalls and authentication systems is no longer adequate. \u00a0Increasingly, enterprises must contend with mobile devices in the hands of employees and customers, an ever-growing list of connected IoT devices, as well as public, private, and hybrid cloud infrastructure. And while we still need to do the basic blocking and tackling of verifying identities, securing the transport layer, and encrypting transactions, they\u2019re just starting points.\nCompanies have increasingly focused on mitigating risks and boosting their capacity to recover once the edge has been breached. Security and Event Incident Management (SEIM) systems \u2014 examples include ArcSight and Splunk\u2014 are becoming more sophisticated and using machine learning and artificial intelligence to better identify threats. But even so, while the damage can be done in minutes or hours, the average time it takes to detect and respond to a data breach, according to a global study of\u00a0security breaches by The Ponemon Institute, is more than six months.\nBut what complicates the discussion around securing the data is the data itself. When you combine the inexorable growth in the amount of data that companies gather with newly intricate and sometimes convoluted ways in which it\u2019s used, you end up with a quagmire. Companies struggle to understand, let alone quantify, their risk. And while techniques like\u00a0data masking\u00a0help eliminate personal information from data troves, it\u2019s useless if you can\u2019t deliver the data to the people in your business who work with it day after day.\nEven if you are able to identify, secure, and deliver data, it\u2019s extremely difficult to fully understand how it\u2019s being used at scale, and even harder to take action against new threats. As user workflows become fragmented across disparate systems, retaining the semantic information and inserting points of control must be re-implemented for each and every system.\nThese are all forms of data friction that occur when data\u2019s inherent constraints keep it from satisfying the demands of the business. Tackling it requires a new approach that brings together data operators \u2014 those who manage data and its related systems \u2014 with data consumers including developers, data scientists, and anyone else who needs data to do their jobs.\u00a0DataOps\u00a0is the emerging movement that seeks to eliminate data friction through people, process, and technology.\nI\u2019ll have more to say on this in additional posts, including how data friction inhibits a successful data security strategy, and how DataOps techniques can help open new possibilities for the business.\nRead more about Delphix.