The way organizations have approached data protection has changed dramatically and promises to keep changing at a rate that will keep security pros earning their pay. Once, securing the perimeters of the organization against intrusion was considered the best approach. Then, applying encryption to sensitive data and resources gained favor, later complemented by stronger authentication techniques to restrict access to servers, PCs and media. Presently, the security focus embraces data security and regulatory compliance, bringing these twin requirements under an umbrella that emphasizes accountability, privacy and protection of data, regardless of what form the data takes.
Anyone with a bit of experience in this industry knows that achieving 100 percent security is an oxymoron. The ingenuity of hackers and thieves in their quest to breach security is unendingly pitted against the inventiveness and prescience of data security pros working to foil their attempts. The high stakes leave no time for anyone to be asleep at the wheel. Typically, the goal is to make it too difficult and too expensive for anyone to defeat the security mechanisms in place — to stay one step ahead of the thieves' capabilities.
Given that future data threats are unknown and 100 percent security is impossible, what is the appropriate way for organizations today to minimize the vulnerabilities in their data use? The key is to look for the greatest points of vulnerability — the gaps in data security. If your perimeter is secure (and it should be), are the laptops used by your mobile workforce protected? Are the encryption keys that are used to protect data resources hidden and guarded? Are the internal servers used by temps and contract workers secure against a data breach?
A strategy session where the stakeholders in your organization meet with the security team may help uncover the weak points and develop countermeasures.
A holistic, 360-degree approach to data security can satisfy two related organizational requirements. One: the regulatory climate worldwide requires that data privacy and accountability be protected by organizations that use and store sensitive information. Two: corporate policies and brand integrity needs make it essential to protect data against loss or theft. Whereas in the past, disconnected and fragmented approaches to data security often left substantial gaps in the level of protection, today a more unified and universal approach holds the best promise to guard against known and emerging threats.
Accountability is also an important part of the equation. You not only need to protect the data, you need to demonstrate that you've taken measures to prevent data breaches and account for the validity of each data transaction. Compliance and sound data security are complementary sides of the same coin.
Without the ability to travel forward in time to survey IT developments, we're best served today with a strategy that provides 360-degree protection against data threats. Central management can be a big step in that direction. A centrally managed data security solution establishes a consistent platform for implementing corporate security policies and providing the accountability to satisfy the regulatory agencies. It also helps ensure that vulnerabilities in the security approach can be effectively identified and fixed by granting visibility into the data use patterns in complex IT environments. With a centralized solution of this type — using the strongest, most current encryption algorithms and the most effective authentication techniques — you can plug the gaps and keep the hackers at bay. And, by tracking, monitoring and evaluating trends — through transaction histories, data use patterns and analysis of fraudulent incidents — you'll be prepared to address emerging threats before they do damage.
Raphael Leiteritz is head of innovation, corporate business and new strategy, Utimaco Safeware AG.