As the digital age continues to expand, data protection
is becoming increasingly complicated. Each business has
different types of sensitive data to protect, with
unique concerns about how it needs to protect them. One of
the first steps in tackling this problem is to create
an 'information security policy' outlining what sensitive data a business
has and how it plans to protect it.
According to
Information Security,
the cost of a data breach increased 31 percent in 2006 and the insider
threat is the top concern for 2007.
Why is this a growing concern?
There are several reasons why data protection has become a top challenge to the
computer security industry. Here is a short list:
- Increase in data leaks of personal information
- Increase in government regulations
  for protecting personal information
- Increase in the cost of a data breach
  (31 percent increase in 2006)
- Increase in risk of leaking intellectual property and
  trade secrets
- Increase in outsourcing and remote
  workers, giving more people access to sensitive information
- Unsecured email (which has increased more than threefold
  in recent years) and instant messaging are being used to share
  sensitive information
- One data leak could destroy a company, as
  customers flee when they are told that their
  personal information has been leaked and they are now in danger
One problem to the next
It seems like just last year the top computer security
concerns were
spam,
phishing and
website spoofing.
And before that it was
viruses,
worms and
spyware.
Although these problems are still real today, their effects will diminish
with time, as more computers are equipped with protection software against
these threats. As the Internet begins to age and become a stabilized
industry, we should see these concerns diminish over the next 10
years. But today, data breaches are quickly becoming the top computer security
concern.
Information is growing exponentially
It's one thing to protect the information your business
already has, and another thing to protect the information it will collect
tomorrow. Businesses are collecting electronic information so fast that
it's hard for them to keep tabs on what information they have
from day to day. Inside an organization, electronic information
is everywhere, in thousands of formats, scattered across several network
servers and databases.
Stationary information like customer records, corporate
financial records and marketing research are usually stored within secure
databases behind the company firewall and therefore can
be easier to protect. Companies are in control of all
interaction with this information. But, because of the increasing trend to
utilize off-site and offshore workers, even this information is at
risk. Providing remote access to sensitive information can
be very risky. If an intruder finds a way in, the entire
database is at risk. They could expose an entire customer record set, which
could cost your business millions in lost customers and privacy
lawsuits.
Information in motion is even harder to protect because
it can travel outside the corporate network when it needs to be shared with
contractors, partners, off-site workers and customers. This information
is also stored in a growing number of unstructured
formats like Word documents, PDF files, Excel files, etc.
The Insider Threat
The biggest threat to data security may come from insiders
who have free and easy access to sensitive information. They could copy a
database to a CD and walk out the door and before you know it, your customers
are being targeted for identity theft.
The Outsider Threat
The second biggest threat to data security may come from
outsiders who have found sensitive information in an email that has
accidentally or maliciously been forwarded to them. According to a
2005 survey conducted by Forrester Research,
25% of outbound emails contain content that poses a legal, financial, or regulatory risk.
And once the information leaks, it's hard to legally prosecute whoever is
to blame, as
Apple learned last year
when a California state appeals court rejected Apple's bid to
identify the sources of leaked product information that appeared on the web,
ruling that bloggers and online reporters are entitled to the same protections
as off-line journalists.
Education is part of the solution
Training employees to understand the risks and teaching them
how to protect sensitive information can be a critical line of
defense. When employees are educated in the ways they can
help protect the company and understand that a data leak could
be devastating, they are much more likely to help out.
Employee training should provide instruction
on everything from what constitutes legitimate file access to what
employees should do if they access the wrong file by mistake. A company should
also consider creating a training video that new hires see during
orientation and everyone else can see via the company intranet.
Finding the right solution
Because of the many different needs of each business, there
is no 'one size fits all' solution. In fact, there are about 40 companies
with data protection solutions, and most of them have just released their
products in the last few years.
Each business needs to look at what regulations it needs to
be concerned about and what type of data it needs to protect. Instead
of waiting to buy a solution until a company has this all figured out,
it should consider buying an easy-to-use solution with
a small financial commitment right now. Then, after the
company has had some time to better understand its individual
needs, it should switch to a permanent solution.