Shilpi Dey - Product Marketing Manager
In today’s economy, more than ever, losing customers can be detrimental to a business. One surefire way of losing a customer is to lose their trust. A data breach affects an organization in many ways, and loss of reputation is just one of them.
Most organizations identify data at risk from the most common starting point – the endpoint. These are the laptops, desktops and USB devices that house an organization’s most sensitive data. However, increasingly, organizations are realizing that simply securing endpoints is not sufficient to protect this data. There is always the human dimension to consider: bad people doing bad things, and good people doing bad things, often inadvertently. But, there's also the question of how data, or information, is used, managed and maintained. To successfully address this problem, organizations need to address data at risk holistically. After all, data is at the core of a business. Data is a part of an enterprise's work flow processes, such as backup processes, corporate email, and is shared with customers, audit firms, partners, etc.
So how does an organization protect all of its data? There are several pieces to consider, including providing incentives to motivate good user behavior, placing the right controls in place, regular auditing, and protecting the data itself. To protect the data, an organization needs to identify where data is at risk, and then define a security policy that not only addresses that risk, but also includes an "assurance policy" that manages and mitigates that risk. Encryption is a tried, tested, and critical component of a good data risk assurance policy.
Before implementing an encryption solution, consider this: each solution that is put in place comes with its own infrastructure baggage of policy management, user management, administrative controls, IT training and much more. With each silo application, comes its infrastructure baggage. Each silo has to be managed separately, IT staff has to be trained, policies have to be put together, and all this while ensuring the corporate security policy is consistently, uniformly and automatically applied, and oh by the way, while integrating with the existing corporate infrastructure. This silo approach is neither scalable, nor viable.
The ideal encryption solution should consist of a common framework for policy administration and management, reporting, provisioning and enterprise key management, and client encryption applications that can be easily added to this framework. Additionally, in order to ensure the solution is customer,partner and vendor friendly, it should have the capability to easily manage third-party encryption applications.
So, the next time there's an unfortunate data breach headline or a new regulatory mandate, or your Board asks for your data risk management policy, make sure your organization had the right data protection attitude going in.