This page contains a Flash digital edition of a book.
DATA MANAGEMENT


Gerard Curtin, CEO of Irish software firm PixAlert, who has worked in IT security for 23 years, explains why finding data is the cornerstone of protecting it.


D


iscovering where insecure, sensitive information resides on networks is


a key factor in shaping and determining successful data protection strategy.


Lack of visibility into critical data assets can leave organisations exposed to significant risks. Many well-documented cases of critical data leakage only serve to highlight the consequences, including criminal and civil litigation, reputational and brand damage, and hefty financial implications.


Managing critical or sensitive data is a crucial governance issue and organisations often struggle with the increasing complexity of compliance and legislative demands that now regulate the handling of particular types of information. To protect data it is essential to firstly discover the data that needs to be protected: before you can protect it, you must find it.


Identifying and determining the location of critical data can be challenging unless a structured data discovery strategy is implemented.


Data discovery is a fundamental factor in risk mitigation and a control in assessing governance and compliance capabilities. Whether in governance, compliance or information security, it is essential to establish a full and comprehensive understanding of where potentially exposed information resides on the corporate network. To comply with frequently changing regulation requirements, data protection must be clearly defined and include the ability to provide regular and detailed reports that address the


requirements of external assessors and internal stakeholders.


Organisations often accept payment in the form of cardholder data from multiple sources (manual transactions, email, web forms, web services, and others) but struggle to demonstrate to external security auditors that appropriate security measures are in place to protect such data throughout its lifecycle, for example, how this sensitive information is collected, stored and used.


Within its own right, the lifecycle of data should adapt a comprehensive approach to managing an organisation’s data, involving procedures, practices and applications. Discovering where sensitive and critical information is stored is the first and most critical step towards securing a data protection security programme. The ability to identify data and determine its location enables organisations to more readily assess the effectiveness of their data classification procedures.


It is essential to ensure critical data is maintained within protected areas of the corporate network. These areas are established after due consideration to location, security and data volumes. User Access Rights to these secure information repositories should be restricted by network logon credentials, which are managed via the network administrator. Data discovery is the exercise whereby the network is audited for the presence of critical data (e.g. cardholder data) and frequent data discovery exercises should be used to audit for the presence of unsecured sensitive and critical data.


Effective data protection strategy drives stability within an organisation, improving structures and operating efficiencies. Taking adequate measures requires the deployment of data protection solutions, enabling organisations to detect and safeguard their insecure, sensitive data. When choosing the right solution, product offerings incorporating the following features should be considered: flexible configuration of criteria for data discovery; speed of network scanning and network congestion; ease of use for data categorisation and classification models; ease of deployment and management; and comprehensive reporting identifying meaningful and actionable results.


These, combined with well-communicated corporate and governance policies, will help provide organisations with an operating discipline and efficient data security initiative for managing sensitive data as a key enterprise asset.


Through engaging comprehensive data security software and policies, organisations can significantly mitigate risk, gain clear visibility and take full control of their corporate sensitive data and IT assets.


PixAlert is exhibiting at leading industry event Infosecurity Europe 2011, to be held at Earl’s Court, London, from April 19 to 21.


Gerard Curtin


FOR MORE INFORMATION Visit www.pixalert.com


John Poulter, VP Europe, Middle East & Africa at Informatica explains the need to merge data while keeping it secure.


There is a wealth of information stored across public sector organisations. Gather- ing it all intelligently in one place would help the public sector draw on the combined value of this information. The data manage- ment challenge is to efficiently merge into one the information spread across different government departments, on multiple sys- tems, whilst keeping it accurate, timely and relevant. This is also key if the public sector wants to meet growing demands to make


54 | public sector executive Mar/Apr 11 information more open and accessible.


HMRC’s data ‘miscalculations’ at the end of 2010 highlighted the consequences of badly managing critical data. As well as whipping up a storm of confusion, the cost of rectify- ing the error and preventing it from happen- ing again are likely to have been huge.


So, whilst there may be a lack of awareness on what good data management involves,


the implications of financial loss are clearly understood. Taking public sector data in hand may seem daunting, but by putting systems in place to ensure consistency and educating people on best practice, a bigger picture can become clear.


From this big picture the public sector can truly understand its valuable assets and po- tential points of weakness, to mitigate risk before it becomes a reality.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68