Securing data is considered as one of the most critical part in any organization today. Though technology play a major role in the entire process, but others critical aspects also must be taken into consideration. Author in this article has outlined the criticality of data security.
Everywhere you look, the quantity of information in the world is soaring. According to estimates, we have created 150 exabytes (billion gigabytes) of data in 2005. In 2010, we will create around 1,200 exabytes. In this scenario of information overflow, the capability of storing the bits that might be useful is difficult enough. Moreover, any analyses of such information, to spot patterns and extract useful data are harder still. Businesses around the world are caught in the web of more and more data and have been unable to seek the structured technique of mastering data management.
A case in point is that of mobile-phone operators who analyze subscribers’ calling patterns to determine whether most of their frequent contacts are on a rival network. If that rival network is offering an attractive promotion that might cause the subscriber to defect, he or she can then be offered an incentive to stay on with the current subscription. Big and long established industries crunch data with just as much gusto as new ones today. Retailers, offline as well as online, are masters of data mining (or “business intelligence”, as it is now known). By analyzing “basket data”, supermarkets can tailor promotions to particular customers’ preferences. Another example is that of the oil industry that uses supercomputers to trawl seismic data before drilling wells. And astronomers are just as likely to query a digital sky survey as to point a telescope at the stars. Availability of new media enables businesses to gathering more information about customers and their preferences/needs. Companies such as Google base the success by determining where a user clicked.
However, unlike in creative industries, the creators of the data do not own it. Laws have not caught up with the Internet and crime through data compromise runs rampant. High profile crime involving data theft is a regular feature in the news. In addition, a number of legislations such as the Sarbanes Oxley Act have been drafted and are being implemented though a number of companies need to comply with such legislations.
In the wake of increasing data thefts, businesses are becoming cautious and have tried to secure their data. But installing expensive data filtering equipment such as unified threat management appliances is just not enough. Technology is crucial in data security though there are a number of other implications for business need to be considered too. Let’s begin with technology.
Role of Technology
Most data security standards have helped considerably in raising security awareness particularly as customers have begun asking their vendors to be compliant before they finalize business deals. This is the back to basics approach that has certain limitations. For instance, if the USB drives are not disabled on all computers due to the improper deployment of policies, then that computer can become a gateway for malware to enter the network.
Often data is also exposed accidently by employees as seen in the case of Beaumont City in Texas where personal information of a number of workers was exposed online.
The threat of internal attackers like employees who have legitimate access to information is also increasing. Due to tight external controls, it is easier for outside attackers to get employees to facilitate leakage of sensitive company information. This provides disgruntled employees a chance to target their employers out of a sense of revenge. Yet, businesses need to keep employees engaged and give them sufficient information that will allow them to do their jobs effectively.
Another recent trend observed in businesses is the use of cloud computing and outsourcing. Through Cloud computing an organization’s data and applications are stored and served from a remote location typically over the Internet. It is also known as software as a service. One of the best examples of such a service is salesforce.com. This web application is a sales management system that allows organizations to track sales data including customer information. This data is stored on salesforce.com servers and not on the organization’s server. Cloud computing allows businesses to reduce costs significantly and to keep up with technology allowing businesses to become more focused.
However, attackers have begun to target the server farms of cloud providers too. Also, issues of the privacy and confidentiality of data, sharing data with government and differing laws on the treatment of data make this a potentially hazardous undertaking for businesses. So how are companies meeting these challenges?
Addressing Challenges
Many vendors of network equipment are now integrating a number of programs into single easy to use appliances. For example, a firewall appliance doubles as an intrusion detection system.
Another trend is to correlate logs via special correlation engines or in some cases by hand. This gives IT administrators a complete picture of what is happening with the IT infrastructure. Similarly, companies are using more and more data to find trends in their operating environment. Li & Fung a large supply chain management sources goods for several suppliers. They make heavy use of video conferencing and real time data analysis. Since management was able to get an overview of its operations it was able to move it’s facilities away from the south of China where there were labor shortages and was able to anticipate the global economic downturn.
Several companies under pressure from customers or due to legislative requirements are adopting a variety of security standards such as the PCI Data Security standard, ISO 27001.
As a direct consequence of adoption of such standards, a number of companies and independent security consultants are setting up shop in maturing markets such as India. This has lead to a situation where there is an oversupply for security expertise that is a welcoming situation for the consumer as he/she has a vast choice of expertise. This is driving down the rate for security services further creating a situation where certain security services have become commoditized.
Another trend observed now is that a number of security related functions are going in-house. These functions include the creation of an information security management system, ISO 27001 implementation and business continuity management.
Ironically, consumers are putting more and more personal data online. For instance, Twitter allows users to show their location while sending messages. The same applies to a video sharing service such as qik (http://www.qik.com). Several governments are also engaging with businesses in e-governance initiatives. For example, the Indian income tax department has made the electronic filing of tax returns for companies compulsory and optional for individuals.
In conclusion, the deluge of data is accompanied by new fields and opportunities for businesses. Data is rarely consumed in its original form. Data intermediaries help consolidate data. Plus new academic disciplines such as data visualization are on the rise which is creating new business opportunities.
—By: Pranav Lal, Consultant Information Security Management Services, Mahindra Special Services Group. You can reach him at: pranav.lal@mahindrassg.com |
