RSA Europe: The challenges of data protection

26 October 2009

There are several reasons why organisations appear not to take data protection seriously, Mike Smart, EMEA product marketing manager at McAfee, said at RSA Europe in London on 22 October.

One of the problems is lack of ownership – who is responsible for data protection? Smart said it is often a case of the IT department thinking it is the board’s responsibility and vice versa, when it is in fact the responsibility of both.

Another issue around data protection is lack of experience, as this is a relatively new concept. Companies often do not have data protection expertise in-house. Who do you turn to for expert advice, and how do you know that advice is sound? Smart admitted that even vendors like McAfee tended to be experts in their own product offerings, but did not necessarily have a full overview of everything on the market.

Smart also said there is a lack of regulatory enforcement of data protection policies and regulations. In some countries it is enough for a company to have customers in that country to have to comply with its data protection laws – but how can it be enforced? Smart added that data protection is not enforced to a degree where people would pay attention, but that this is now changing. One example would be the new powers bestowed on the UK Information Commissioner’s Office (ICO) from April 2010.

Finally, Smart said that data protection is facing the problem of a lack of integrated technology. Some organisations have a lot of security solutions, but no solution to manage all of them.

Smart told the RSA Europe audience that these hurdles are the reason why data protection has not been adopted faster. However, the drivers for data protection are getting stronger and harder to ignore as companies are starting to be held responsible for their data losses.

Data protection solutions

The way to go about data protection is to focus on the data and “protect the data all the way”, Smart said.

You must “know what data you have and where it is before you can protect it – how does it move around?”

Organisations must review their data usage policies and data risk assessments, which will help them to revise data usage policies and to build a business case for data protection. This in turn leads to up-to-date data usage policies, and top level visibility and support – which again lead to budget for data protection.

Businesses must also set realistic goals for data protection implementation, Smart added.

Data protection and mobile devices

With an increasingly mobile workforce, data protection is not only about protecting data at rest. One example is employees downloading work files onto flash drives – not out of malice, but in order to finish off work at home. Organisations need to know what is plugged in and have a content-aware data protection solution to avoid data loss, Smart said.

There is also the problem of virtual vectors like webmail, blogs and social media, and of lost or stolen devices such as laptops.

Smart recommended having integrated security, full disk encryption, central device management, and content inspection for automatic policy-based selective encryption of emails, to address some of these problems.

But in the end, the main message for protecting data is “focus on the data!”, Smart concluded.

 
