Businesses are more and more concerned about business data protection. Network security, at the perimeter, is not a totally solved problem, but there is a community consensus among IT security professionals that the big vulnerability lies at the business data level.
Consequently, to solve the concerns surrounding business data protection, data encryption has become more interesting to IT professionals than it used to be. Database security, too, has become a more pressing issue.
The concept of the "deperimeterised organisation", associated with the Jericho Forum, comes into play with business data protection. This IT security thought leadership body contends that the traditional "firewalled" approach to securing a network boundary is at best flawed, and at worst ineffective. The examples it gives in support of this include:
• Business demands that employees and partners can tunnel through perimeters or bypass them altogether
• A slew of IT products that cross the boundary, encapsulating their protocols within Web protocols
• Security exploits that use e-mail and Web to get through the perimeter.
The Jericho Forum’s core argument is that, increasingly, information will flow between business organisations over shared and third-party networks, so that ultimately the only reliable security strategy is to protect the information itself, rather than the network and the rest of the IT infrastructure.
Relatedly, in the UK, legislation such as the Data Protection Act gives individuals the right to know what information is held about them. This offers a constant challenge to organisations.
And, post-Enron, the business world on both sides of the Atlantic has had to face up to the tighter compliance regimes betokened by the Sarbanes-Oxley Act and the PCI (Payment Card Industry) directive.
These technology trends and corporate governance imperatives have combined to focus interest on business data protection.
Reed Elsevier’s chief information security officer, Leo Cronin, told Infosecurity Today that the most important development has been a shift from products that are designed to shield corporations from external threats to those focusing on data assets.
“During the late 1980s and up until recent times, the IT industrial-complex has made it very difficult to continue on a data-focused path with the advent of the PC, LAN and IP networks. The IT security profession has had to focus its energy (and spend) on the threats emerging from distributed computing and the internet.”