
3 guiding principles to improve data security and compliance

News headlines about the increasing frequency of information and identity theft have focused awareness on data security and privacy breaches — and their consequences. In response to this issue, regulations have been enacted around the world. Although the specifics of the regulations may differ, failure to ensure compliance can result in significant financial penalties, criminal prosecution and loss of customer loyalty.

In addition, the information explosion, the proliferation of endpoint devices, growing user volumes, and new computing models like cloud, social business and big data have created new vulnerabilities. To secure sensitive data and address compliance requirements, organisations need to adopt a more proactive and systematic approach.

Since data is a critical component of daily business operations, it is essential to ensure privacy and protect data no matter where it resides. Different types of information have different protection requirements; therefore, organisations must take a holistic approach to safeguarding information:

  • Understand where the data exists: Organisations can't protect sensitive data unless they know where it resides and how it's related across the enterprise.
  • Safeguard sensitive data, both structured and unstructured: Structured data contained in databases must be protected from unauthorised access. Unstructured data in documents, forms, image files, GPS systems and more requires privacy policies to redact (remove) sensitive information while still allowing needed business data to be shared.
  • Protect non-production environments: Data in non-production, development, training and quality assurance environments needs to be protected, yet still usable during the application development, testing and training processes.
  • Secure and continuously monitor access to the data: Enterprise databases, data warehouses, file shares and Hadoop-based systems require real-time monitoring to ensure data access is protected and audited. Policy-based controls based on access patterns are required to rapidly detect unauthorised or suspicious activity and alert key personnel. In addition, sensitive data repositories need to be protected against new threats or other malicious activity and continually monitored for weaknesses.
  • Demonstrate compliance to pass audits: It's not enough to develop a holistic approach to data security and privacy; organisations must also demonstrate and prove compliance to third-party auditors.
