Business data protection: the expert view

News stories, features, podcasts, blogs and links on all aspects of data protection

Businesses are increasingly concerned about business data protection. Network security at the perimeter is not a fully solved problem, but there is a community consensus among IT security professionals that the big vulnerability lies at the business data level.

Consequently, data encryption has become more interesting to IT professionals than it used to be, as a way to address the concerns surrounding business data protection. Database security, too, has become a more pressing issue.

The concept of the "deperimeterised organisation", associated with the Jericho Forum, comes into play with business data protection. This IT security thought leadership body contends that the traditional "firewalled" approach to securing a network boundary is at best flawed, and at worst ineffective. The examples it gives in arguing for better business data protection include:

• Business demands that employees and partners can tunnel through perimeters or bypass them altogether

• A slew of IT products that cross the boundary, encapsulating their protocols within Web protocols

• Security exploits that use e-mail and Web to get through the perimeter.

The Jericho Forum’s core argument is that, increasingly, information will flow between business organisations over shared and third-party networks, so that ultimately the only reliable security strategy is to protect the information itself, rather than the network and the rest of the IT infrastructure.

Relatedly, in the UK, legislation such as the Data Protection Act gives individuals the right to know what information is held about them. This offers a constant challenge to organisations.

And, post-Enron, the business world on both sides of the Atlantic has had to face up to the tighter compliance regimes betokened by the Sarbanes-Oxley Act and the PCI (Payment Card Industry) directive.

These technology trends and corporate governance imperatives have combined to focus interest on business data protection.

Reed Elsevier’s chief information security officer, Leo Cronin, told Infosecurity Today that the most important development has been a shift from products that are designed to shield corporations from external threats to those focusing on data assets.

“During the late 1980s and up until recent times, the IT industrial-complex has made it very difficult to continue on a data-focused path with the advent of the PC, LAN and IP networks. The IT security profession has had to focus its energy (and spend) on the threats emerging from distributed computing and the internet.”

Business data protection – news stories

May 2007: Storage decisions sessions downloads >>

May 2007: Firms wary of call to boost powers of data watchdog >>

May 2007: IT rank and file nervous about adequate security >>

April 2007: ISPs and software developers must be 'more responsible for security' >>

April 2007: Data breach fears rise >>

March 2007: Compliance drives security spending >>

January 2007: Backup product software specifications >>

November 2006: BCS launches advice site to help firms tackle data security >>

October 2006: UK firms get data security wake up call >>

Business data protection – features/analysis

Information security: The route to compliance >>

Laptop-tracking technology rarely used among SMBs >>

Mobile device encryption a practice not often applied >>

Encrypting mobile devices: a best practice no one uses >>

Business data protection – Blog posts

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

David Lacey: Whither de-perimeterisation >>

Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management

Stuart King: Another laptop theft >>

Business data protection – quizzes

Enterprise strategies for protecting data at rest >>

Demystifying data encryption >>

Preventing data leakage >>

Business data protection – podcast

PodLounge: podcasting community >>

Business data protection – weblinks

British Computer Society security website >>

Wikipedia: information security >>

Federal Trade Commission: protecting personal information >>

The Open Group: security forum >>

InformationWeek >>

ScienceDirect: Infosecurity Today >>
