Friday, October 26, 2007

Data Security Best Practices


We talk a ton about data security and never fail to report on data breaches. Data security is a top concern for businesses today. And, since RRW Consulting (our business) relies heavily on customer data availability, that means data security has the potential to keep me up at night.

That's why I was pleased to see this set of actionable best practices published by Ironport Systems, a Cisco business unit and a leading provider of enterprise spam, virus and spyware protection.

From the Ironport press release: "Data Loss Prevention (DLP) is a serious issue for companies; the number of incidents (and associated costs) continues to increase. Whether it's a malicious attempt, or an inadvertent mistake, data loss can diminish a company's brand, reduce shareholder value, and damage the company's goodwill and reputation."

How true.

So, what are these best practices? I'll summarize below.

Best Practice #1: Take Time to Define DLP (Data Loss Prevention) Needs. They advocate thorough documentation of the sensitive data that exists within an organization, and recommend developing policies to control and enforce how that data can be shared.

Best Practice #2: Prioritize the DLP Focus. Start with the areas where you may see the biggest problems, where you are most at risk, and those that represent the greatest potential loss.

Best Practice #3: Ensure Effective, Comprehensive Coverage. Make sure that you have the technology in place to detect attempted policy violations. This includes things like e-mail attachment analysis, automatic enforcement of corporate encryption policies and the ability to block or quarantine certain messages.

Best Practice #4: Make the Solution Unobtrusive. They recommend using technology that makes data security invisible to the users. It just happens, and users don't have to concern themselves with it.

Best Practice #5: Look for Work Flow, Administration and Reporting. Make sure that people in your organization responsible for data security have the ability to receive reports outlining detected violations and providing in-depth information to enable them to take action.

Best Practice #6: Combine Best-of-Breed Solutions. I think that this is true for any complex technology solution, by the way. Make sure that whatever data security technology you invest in can be integrated with other solutions. This will make sure that you can keep up with changes in security technology (both from the bad guys and the good guys) in the future.

So, while data security is not the most fun thing to chat about on a Friday morning, I do think it's important. Hopefully, these guidelines will get you thinking about what your organization does to protect one of your most valuable assets, your customers.
