Organisations underestimate the value of their data security, yet the cost implications of doing so can be catastrophic.  Whilst daily systems and processes may be sound from a workflow viewpoint, how secure are they?  This article outlines the three key areas for consideration and specifies what you should demand from your software solution.

Safeguarding your data is vital in ensuring efficient continuity of operations.

There are many reasons why business operations fall over not least due to the sheer volume of systems and processes in operation.

The technologies and systems in place may be top-notch and increase corporate efficiencies and productivity many times over.  But is the data secure when in transit and storage?  Corporate data is to an organisation what oxygen is to red blood cells and the infrastructure through which it flows is critical and must not be underestimated.

When considering the security of your data, you need to address these three key areas:

• Data in situ.
• Data in transit.
• Authentication of identities and transactions.

Data in Situ

One perspective of protecting data in situ involves whole disk encryption solutions that prevent stored data from being unlawfully accessed on the computing endpoints.  This can be centrally managed on premise but increasingly organisations are seeing the financial and logistical benefits of outsourcing to cloud-based managed data encryption service providers.  Solutions offering consistent protection on multi-platform devices with rapid deployment, web-based management, easy secure recovery and strong encryption remain key considerations.

Data in Transit

A primary data on the move application is email where businesses need to be protected from ‘organised crime’ inbound threats and either deliberate or ‘accidental’ data breaches via outgoing email.  The threat management technology of choice not only has to be the solution delivering protection from spam, viruses, phishing, spear phishing but should also enable a framework of control that identifies then protects intellectual assets through policy-based encryption.  Both structured and unstructured data must be protected.  Human error prevention is crucial in this area so choose a solution that helps avoid costly fines and ensures regulatory compliance.

Authentication of Identities and Transactions

This area requires the efficient management of digital certificates and cryptographic keys.  Failure to do this has recently been quantified by the first Annual Report from the Ponemon Institute exposing the true cost of misplaced trust as a result of the mis-management in this area.  Alarmingly over 50% of recipients didn’t know how many keys and certificates were in operation within their organisation.

Managing this critical area can be simplified and completely automated with software solutions that initially identify and record every single key and certificate on a computer estate.  The software creates a database to record them, establishes their respective expiry dates, monitors and subsequently alerts in advance of expiry.

Additionally, human error can be eliminated by automating the enrollment and application of expiring keys and certificates thus closing the door to security breaches that potentially bring organisations to their knees.  Seamless continuity within this area is achieved from those software solutions that also automate the download and deployment of these keys and certificates.

Choosing a digital certificate and encryption key provider should also be seen as a vital component to ensuring continuity of operations.  If you don’t have the budget available to automate the process then you need to minimise the downtime experienced if a key or certificate expires.  Some providers can take up to 48 hours to deliver replacements yet vendors exist that provide replacements within 2 hours.

What are the Costs of Data Mis-Management?

The implications of mis-managing data within your organisation can result in significant unforeseen direct and indirect costs.

Direct costs include loss of imminent sales. IT professionals diverted from other projects to resolve data compromise issues. Financial penalties levied from professional/legal/government bodies and complete technology and costs associated from systems overhauls and resulting new capital purchases.

Data held within the cloud itself can also be easily encrypted although the emphasis here should be on cloud ‘access’ security.  Even though storage of the data in the cloud can be easily protected, it is the entity accessing the data that needs to be validated and their actions verified.  Cloud security, by its very nature, has to place trusted entities and communication integrity as its priority. Cloud data storage moves the emphasis away from the security of the data itself towards the integrity of interactions and the security processes permitting entities from accessing the data in the first place.

Failure to protect your data, or to protect the integrity of your cloud computing infrastructure can, indirectly, erode your corporate reputation as trust in your organisation has been compromised.

In Summary

There are many potential pitfalls within the management of data security but obtaining professional advice from IT consultancy companies can steer you through.  When seeking advice it is always best to use the services of IT security professionals that are security cleared.