With the growth of mobile computing and the reach of customers into online systems, the firewall boundary is becoming blurred. Virtualisation will deliver ever increasing benefits, but the way information is being processed and managed must be clearly understood.
Users need to recognise that they must develop a total set of information security policies and practices. Following ITIL, COBIT or ISO 17799 guidelines can assist in the steps to be taken, but those steps still have to be carried out and implemented.
Identity management, antivirus and firewall considerations must come further into the network, not just be left on the periphery.
Applications accessing data resources need to follow accepted routes. If requests are coming from unknown routes within the firewall, being inside the firewall does not always mean that the requesting applications are all approved.
Logging activities and requests to produce a comprehensive audit trail becomes more important for all activities across the network. This relates to system changes, software updates and data movement as well as to application processes.
Data protection practices are designed to keep systems operational. The trend to using disk-based backups means that there are many images of data on disk drives as well as on tapes.
Encrypting all data images needs to be carefully considered, as does encrypting data on laptops and other client devices.
Understanding how the system resources are being used, where the information is resident and what elements of the system are redundant are important steps in the process. This contributes to better information management as well as to better utilisation of power, cooling and office space, and to cost containment.
And when it comes to archived information, can it clearly be proven that it has not changed or been tampered with since it was created? Such forensic considerations become important if or when put to the test by courts of law or regulators some time in the future.
Embarking on this journey to secure the system operations and information assets will mitigate risks for each and every organisation. Recognising that there are risks is the first step. Identifying possible weaknesses, carrying out an appropriate risk assessment and identifying the necessary actions all need to be completed.
Implementing appropriate solutions will help organisations to minimise the risk of embarrassing information management practices being exposed to the gaze of television and the press. Information has a value. Respect this and protect the data. Otherwise, loss of information could cost you dearly.
About the author: Hamish E. Macarthur is the founder of Macarthur Stroud International. His experience encompasses the computer and telecommunications markets in Europe and the United States and covers strategic market issues through to the implementation of business plans and preparation of investment schedules. He has co-authored a book titled "How to Market Computer and Office Systems", published by Macmillan, and is a regular contributor to industry publications. A graduate in Mathematics from Aberdeen University, Hamish is a regular speaker at major conferences.