Data Security: Protecting Your Most Precious Asset

In the late 80’s and 90’s, most of the projects I was involved with were about converting paper based systems to computer entry, mostly PCs. In those days, it was very easy for a project to show results. Even a poorly designed system could easily show dramatic productivity improvement by replacing paper based data with digital data. But that was just the beginning.

Increasingly, technological progress revolves around the accumulation, use and leveraging of data. Google has built an industry based on leveraging data it obtains from users of its free services. That’s the business model for Facebook, Twitter and other social networking sites.

However, it goes way beyond those types of advertising based industries.
If you want to be successful in today’s competitive business environment you must be able to obtain and utilize data from your customers and operations. That means that data is a precious asset that is to be coveted and protected. Data has never been more important to business and commerce.

Data has also never been so at risk.

Almost every day there is a story in the news about an organization that failed to protect its data assets. Data breaches at Target and Neiman Marcus are spectacular examples, but are just the tip of the ice berg.

Last February, we learned that the hacker group Anonymous had breached a Federal Reserve system used to communicate with bankers in emergencies, such as natural disasters or other crises. On Super Bowl Sunday, Anonymous published the personal information of 4,000 bank executives in what they called their own Super Bowl Ad!

Yahoo recently revealed that hackers had stolen over 400,000 user credentials. Earlier this year, Yahoo Japan revealed that the credentials of 22 million users had been compromised. Hacker can use these credentials to steal user information and impersonate users in phishing expeditions.

Protecting your data begins with the business processes that accumulate data from operations and interactions with customers and vendors. Increasingly those interactions occur online via the web. Your customer’s need to feel free to trust you with their personal and financial information. That is why e-Commerce sites use Enhanced Verification (EV) SSL. The greenbar on the browser and the Trust Seal they can display send a message that they are a merchant to be trusted.

However, securing your connections with SSL is just one part of data security and maintaining customer trust. If hackers can breach your network they may access your database systems and infect your web sites with malware. That is why it worth using scanning services that identify threats and security issues with your site. Such services may assist with PCI Compliance, necessary to be able to accept bank credit card.

The Federal Reserve reported that the February Anonymous breach was the result of vulnerability in a vendor product used on their web site. That is exactly the type of vulnerability that such scanning services are designed to identify.

Protecting your public facing web site is a high priority today, but every device that connects to your network is a potential entry point to a data breach. Hackers are increasingly using the techniques of Advanced Persistent Threats (APT), and the key word here is persistent. If they can identify just one access point to breach, no matter how seemingly insignificant, they have proven the ability to slowly work their way through a network to high value targets.

In the age of BYOD, this is a challenge that demands specialized software for managing end point security. Endpoint security management software is used to make sure that all devices that connect to your network have the latest firewall, antivirus protection and conform to your security policies.

Protecting your data, your customers and your reputation requires constant vigilance and a commitment to internet security and the latest technology.

ITSM Tools