The 10 Most Common Data Security Issues and How to Solve Them

Gordon Rapkin, president and CEO of Protegrity, has come across every conceivable data security issue. Here he has highlighted the most common ones, along with some advice on resolving the problems.

#1 – Not knowing who uses what data and where it is.

You can't secure data without knowing in detail how it moves through your organisation's network.

Begin by doing a thorough inventory of sensitive data (See fig 1).Then develop a “Sensitive Data Utilisation Map" documenting your findings. Also consider building a series of diagrams to show where and how data moves through the system. All the parties involved should check these diagrams, and this process will itself raise awareness of both the value and the risk to sensitive data.

#2 – Treating all data equally

Business managers need to classify data according to its sensitivity and its worth to the organisation so they can correctly evaluate and fund different levels of protection. “Data Asset Valuation” is a very worthwhile ROI-type of activity.

The goal is to correlate a variety of criteria, including regulatory compliance mandate, application utilisation, access frequency, update cost and competitive vulnerability to arrive at both a value for the data and a ratio for determining justifiable security costs.

#3 – Focusing solely on regulatory compliance concerns

Virtually all government and industry privacy and security regulations boil down to the most basic best practices of data security. So being able to pass a regulatory audit does not automatically ensure effective security.

Instead of trying to protect your organisation's data assets by solely striving to meet individual regulatory requirements, focus on complying with security-centred processes, policies and people, reinforced by security solutions such as automated policy enforcement, encryption, role-based access and system auditing. In other words, do the right things instead of just the required things.