Generally, data security is the process or procedures put in place to ensure that data is protected from corruption and unauthorised access. The focus behind data security is to ensure privacy while protecting personal or corporate data.
In the current global environment data has become a valuable asset for any corporation, and any loss of critical data may result in reputational damage or heavy regulatory fines. Data security has also become subject to intense regulatory scrutiny – so much so that any viable data security solution must be able to address the requirements imposed by auditors and regulators.
Organisations in the public, medical, insurance, science, financial, tourism/leisure and telecoms industries collect all sorts of data, from personal to financial, which they use in their day-to-day business processes. This data resides on file servers or in databases and is accessed by users in a variety of ways over the internet, not to mention indirectly via other internal systems or applications. Every place the data moves to or is stored in adds to the risk of losing it. Because of this, organisations need to implement repeatable data security controls to protect critical personal and corporate data throughout the data lifecycle.
Because critical data such as corporate strategies and secrets, personal data and credit card data have become a profitable commodity, over the last few years such data has been at constant risk from hackers launching automated, large-scale attacks and from malicious or privileged insiders.
Therefore, organisations need to take proactive procedures to protect critical data. Some basic controls include:
- Implement security policies and procedures
- Classify and tag information according to its value or the risk of a breach
- Apply adequate access controls and the principle of least privilege
- Design and implement an effective data loss prevention (DLP) solution: real-time protection against hackers and malicious insiders targeting sensitive data
- Apply data risk management: a continuous and repeatable process for identifying and mitigating data risk
- Control and monitor the use of portable storage devices such as USB drives and PDAs
- Protect data in storage and archived data, i.e. implement secure backup solutions
- Encrypt data as it moves and as it is stored; also encrypt hard drives and portable storage devices
- Educate users across the organisation about data security
- Carry out continuous self-assessments to check that all data is protected according to policy and compliance requirements
- Implement fraud detection technologies and proper segregation of duties
- Patch systems and implement effective vulnerability management procedures
The list goes on, but the basics start with an organisation knowing the value of its data assets and then applying enterprise-wide data security solutions based on its information security policy and other compliance requirements.