Excerpt from: {see} Digital Magazine - Issue #1
Published: December 12, 2007



THE HARDEST THING TO DO IS ACQUIRE A NEW CUSTOMER… THE EASIEST IS TO LOSE THEM

SEVEN DATA SECURITY PRACTICES OF HIGHLY SUCCESSFUL ENTERPRISES

Businesses today think nothing of spending millions to acquire new customers, to build the infrastructure to handle their transactions and to purchase the systems that store information about these clients. And yet, when it comes to buckling down and protecting that vital information, many organizations still hem and haw at the expense.

The truly smart enterprises are realizing that the cost is too great to not protect the data. Each day the headlines announce new corporate security failures, new breaches exposing sensitive customer information. Your clients are looking to do business with a company that can show it is serious about protecting their privacy.

Here are seven critical considerations that you should think about on the path to improving your organization’s data security.

Go with the flow
Start by assessing your IT environment to understand how sensitive data flows through the infrastructure. Where are those critical data stores located? How are transactions streamed through your system and network topologies? Evaluating the relationships and interdependencies will give a better sense of where the weaknesses lie. This can make an excellent starting point to begin a programmatic approach to protect the data.

Look for data in transit
The typical business environment consists of many enterprise applications that are critical to the organization. Although these applications are often separate, they depend on one another for key pieces of information. The typical mode of transferring data from one application to the other is through files – typically ‘flat’ files that are exported from one application and imported into the other. These files are almost always in clear text. The lines may be secured using SSL, but the files before and after transmission are often stored in the clear, and in many places. This is a serious exposure that needs to be addressed.
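
One way to find this exposure is to scan the flat files left on disk by an export job and report which columns still hold clear-text card or Social Security numbers. The sketch below is an added example, not part of the original article; the pipe-delimited layout, the file name `billing_export.dat` and the sample rows are constructed assumptions.

```python
import csv
import io
import re

PAN_RE = re.compile(r"^\d{13,19}$")          # card number length range
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # formatted U.S. SSN

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long numeric fields."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(field: str):
    """Return 'ssn', 'card_number' or None for one flat-file field."""
    value = field.strip()
    if SSN_RE.match(value):
        return "ssn"
    compact = value.replace(" ", "").replace("-", "")
    if PAN_RE.match(compact) and luhn_ok(compact):
        return "card_number"
    return None

def scan_flat_file(name: str, text: str, delimiter: str = "|"):
    """List (file, line, column, kind) for every clear-text sensitive field."""
    findings = []
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    header = next(reader, [])
    for line_no, row in enumerate(reader, start=2):
        for col, field in enumerate(row):
            kind = classify(field)
            if kind:
                column = header[col] if col < len(header) else f"col{col}"
                findings.append((name, line_no, column, kind))
    return findings

# Constructed sample export: row 2 is clear text, row 3 is tokenized/masked,
# row 4 holds a 16-digit value that fails the Luhn check.
SAMPLE_EXPORT = """cust_id|name|card|ssn|balance
1001|A. Example|4111111111111111|078-05-1120|250.00
1002|B. Example|tok_9f3a77c1|***-**-4321|75.10
1003|C. Example|4111111111111112|n/a|12.00
"""

if __name__ == "__main__":
    for finding in scan_flat_file("billing_export.dat", SAMPLE_EXPORT):
        print(finding)
```

Run against the staging and archive directories on both the exporting and importing hosts, a report like this shows which files and columns need encryption or tokenization before they are written to disk.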

Leaving a legacy
Some of the most vulnerable holes that enterprises leave open are within their legacy systems. For example, mainframes within many organizations are the chests that hold the crown jewels. Huge databases are stored on them and a staggering number of transactions are processed through them. Unfortunately, many of these mainframes are being put on the back burner from a security standpoint. These older systems were designed at a time when networks were safe and users were always trusted. That’s not true anymore, but many businesses have not added appropriate measures to account for the paradigm shift, or assume there are no practical solutions in the market. There are.

Find lurking data
A conscientious and systematic data security approach will ferret out sensitive data from the strangest of places. Various "non-traditional" data stores such as images and voice recordings have the potential to hold sensitive information. If they are the source of your next data breach, most customers won’t really care how they were exposed. Effective security practitioners need to find ways to seek out these types of data files and guard them with the collective whole.

Cinch the web apps
Web applications have really opened up the way enterprises do business. These online applications have made it easier for customers and partners to access data and to conduct transactions. The problem is that this latest wave has also made it easier for hackers to tap into corporate databases. Some web applications were created on the fly by web developers with little grounding in secure coding principles. They’ve been born out of convenience rather than safety. Some are developed correctly, but with thousands of known vulnerabilities even the best developer cannot keep up with the maintenance. Hackers know this. They also know that these applications are usually linked to some of the biggest and most sensitive data stores businesses own.

In order to keep this low-hanging fruit from being plucked by the bad guys, enterprises today must tighten the security around their web apps.

Not so easy does it
At first blush, data protection technology like encryption might seem easy to implement. But the management of these solutions is more complicated than that. Already harried IT organizations must securely create, store and rotate the keys that regulate access to the encrypted data. If they don’t, encrypting just becomes an exercise in futility. The data will still be open to exposure.

Smart businesses don’t try to reinvent the wheel by developing their own home-brewed encryption management tools. They let the experts who’ve perfected solutions over the years help them do this. This not only ensures the security of the data consistently across the variety of platforms in an organization, it also frees programmers to work on projects that enable the business.

A return on investment
One of the most difficult parts of spending money on security is that traditional return on investment analysis proves to be difficult with these projects. Calculating a return on a non-event, in this case a prevented security breach, is a challenging task.

However, there is a way to gauge a Return on Data Security Investment (RODSI). It involves the measurement of the many potential costs of a security breach. How much will an exposure cost your business to conduct public relations, to hire credit watch services and to notify customers? These are all very real expenses and many of your competitors are spending money on them today due to their lack of foresight.

Factoring these potential expenditures allows you to develop a meaningful RODSI that can easily justify the cost of data protection.

To learn more visit protegrity.com

TOP DATA SECURITY BREACHES OF 2007

SAIC
By neglecting to encrypt data sent over the Internet, employees of government contractor Science Applications International Corp. put sensitive information of more than 800,000 U.S. service members and their families at risk.

Fidelity National Information Services
A senior-level employee of a subsidiary of financial processing company Fidelity National Information Services stole 2.3 million consumer records containing credit card, bank account and other personally identifiable information.

Los Angeles County Child Support Services Dept.
Several laptops containing personal information – including about 130,500 Social Security numbers – were apparently stolen from the department’s office.
