Data security is of the utmost importance, especially in the enterprise setting.
Its purpose is to stop anyone without authorization from accessing data, and to prevent its intentional or accidental destruction, corruption, or infection.
Data encryption may be the buzzword of the day, but it is only one layer of a tiered security strategy that combines several different technologies and techniques.
Securing enterprise data, whether in transit or in storage, requires an understanding of all applicable threats, the alignment of the defense layers, and continuous monitoring of all activity logs, with corrective action taken as and when needed.
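The "continuous monitoring of all activity logs, with the correct action taken" part is where most plans stay vague. The script below, an added example that is not from the original article, shows what that monitoring can look like in practice: it parses a constructed audit log and raises alerts for three conditions a data-security plan usually cares about (access to a resource by an account that is not authorized for it, copy operations outside business hours, and a burst of failed logins against a management tool). The log format, the authorization table, the business-hours window and the failure threshold are all assumptions chosen for illustration.

```python
"""Activity-log monitoring: flag the events a data-security plan should act on.

Added example, not part of the original article. The log format, the
authorization table and the thresholds are assumptions for illustration;
a real deployment reads its own audit-log format and policy.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log.
# Assumed format: ISO timestamp | user | action | resource | outcome
SAMPLE_LOG = """\
2024-03-04T09:05:12 | alice | read   | finance/payroll.db | ok
2024-03-04T09:06:40 | bob   | login  | storage-mgmt       | fail
2024-03-04T09:06:55 | bob   | login  | storage-mgmt       | fail
2024-03-04T09:07:10 | bob   | login  | storage-mgmt       | fail
2024-03-04T23:41:03 | alice | copy   | finance/payroll.db | ok
2024-03-04T14:22:18 | carol | read   | finance/payroll.db | ok
"""

# Assumed authorization table: which accounts may touch which resources.
AUTHORIZED = {
    "finance/payroll.db": {"alice"},
    "storage-mgmt": {"bob"},
}
BUSINESS_HOURS = (8, 18)            # 08:00 to 18:00 local time (assumed)
SENSITIVE_ACTIONS = {"copy", "delete"}
FAILED_LOGIN_LIMIT = 3              # failures within the window that trigger an alert
FAILED_LOGIN_WINDOW = timedelta(minutes=5)


def parse_log(text):
    """Turn the pipe-separated log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource, outcome = [f.strip() for f in line.split("|")]
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "resource": resource, "outcome": outcome})
    return events


def find_alerts(events):
    """Return (rule, user, resource) tuples for every event that violates a rule."""
    alerts = []
    failures = defaultdict(list)    # user -> timestamps of recent failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        # Rule 1: the account is not on the authorization list for this resource.
        allowed = AUTHORIZED.get(ev["resource"])
        if allowed is not None and ev["user"] not in allowed:
            alerts.append(("unauthorized-access", ev["user"], ev["resource"]))

        # Rule 2: a copy/delete outside business hours deserves a second look.
        in_hours = BUSINESS_HOURS[0] <= ev["ts"].hour < BUSINESS_HOURS[1]
        if ev["action"] in SENSITIVE_ACTIONS and not in_hours:
            alerts.append(("after-hours-activity", ev["user"], ev["resource"]))

        # Rule 3: repeated failed logins to a management tool within the window.
        if ev["action"] == "login" and ev["outcome"] == "fail":
            recent = failures[ev["user"]]
            recent.append(ev["ts"])
            recent[:] = [t for t in recent if ev["ts"] - t <= FAILED_LOGIN_WINDOW]
            # Alert exactly once when the threshold is reached, not on every later failure.
            if len(recent) == FAILED_LOGIN_LIMIT:
                alerts.append(("failed-login-burst", ev["user"], ev["resource"]))
    return alerts


if __name__ == "__main__":
    for rule, user, resource in find_alerts(parse_log(SAMPLE_LOG)):
        print(f"{rule:22} user={user:6} resource={resource}")
```

The point of the three rules is not the rules themselves but that each one is tied to a defined response: an unauthorized-access hit should route to whoever owns the resource, an after-hours copy to whoever reviews data movement, and a failed-login burst to whoever administers the management tool. Without that mapping, the "correct action" in the paragraph above never happens.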
The ten methods needed to draw up a tight data security plan are:
- Implementation of a tiered security and protection model. This must include several perimeter defense rings to counteract threats. Should one layer be compromised by either an internal or an external threat, multiple defense layers can do two things: isolate the data and protect it.
- Logical and physical security should both be included. Logical security consists of authorization, encryption, authentication, and passwords, whereas physical security includes locks on the servers and restricted access to servers, networking cabinets and storage cabinets. One thing to remember is to keep the cupboards used by cleaning personnel and their tools separate from the networking and storage cabinets; you might just be surprised at how many organizations don't keep them separate! Logical security also involves keeping networks secure with firewalls, anti-virus and anti-spyware programs on both network storage systems and servers. All database files, applications, server operating systems and file systems must be kept secure so that neither unauthorized access nor disruptive access can be gained.
- Other physical security controls should be along the lines of access control – changing door-lock combinations and key-codes on a regular basis.
- Many networking and storage tools prompt you to change the management passwords once initial installation is done. This should be common sense, but again, many do not bother and leave the default passwords in place. These passwords should also be changed on a regular basis, and access to management tools should be restricted to only those who need it.
- Always know who can physically access the removable and fixed data storage devices and media. Make good use of access logs and always perform regular background checks on both third-party personnel and contractors who may be handling media and data to determine where the weak links are. You should also make use of data discovery tools to determine any sensitive data that may not have adequate protection.
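The "data discovery tools" mentioned in the item above are often treated as a product category, but the core of one is a small scanner: read each file, look for patterns that indicate sensitive data, and report which files hold data that needs protection. The script below, an added example that is not from the original article, scans a set of constructed sample files for card numbers (validated with the Luhn checksum so that random digit runs are not reported), US-style social security numbers and e-mail addresses, and returns the files that need attention. The patterns, the sample files and the three data classes are assumptions chosen for illustration; a real tool would carry a much larger pattern library and read the organization's own classification policy.

```python
"""Sensitive-data discovery: find the files that hold data needing protection.

Added example, not from the original article. The patterns, sample files
and data classes below are assumptions chosen for illustration.
"""
import os
import re

# Assumed detector patterns: card numbers (13-19 digits, optional separators),
# US SSN (ddd-dd-dddd) and e-mail addresses.
PATTERNS = {
    "card-number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

# Constructed sample files (path -> content). The 13-digit order number in
# notes.txt fails the Luhn check and must NOT be reported as a card number.
SAMPLE_FILES = {
    "shared/notes.txt": "Lunch with the team at 12:30. Order #1234567890123 confirmed.",
    "hr/contacts.csv": "name,email,ssn\nJane Doe,jane.doe@example.com,123-45-6789\n",
    "finance/refunds.log": "refund card 4111 1111 1111 1111 amount 42.00\n",
}


def luhn_ok(digits):
    """Luhn checksum: every real card number passes, most random digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text):
    """Return the set of sensitive-data classes found in a piece of text."""
    found = set()
    for m in PATTERNS["card-number"].finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add("card-number")
    for name in ("ssn", "email"):
        if PATTERNS[name].search(text):
            found.add(name)
    return found


def discover(files):
    """files: mapping path -> text. Returns {path: sorted classes} for files needing protection."""
    report = {}
    for path, text in files.items():
        classes = classify(text)
        if classes:
            report[path] = sorted(classes)
    return report


def scan_directory(root):
    """Walk a real directory tree and run the same discovery over its text files."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                files[path] = fh.read()
    return discover(files)


if __name__ == "__main__":
    for path, classes in discover(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(classes)}")
```

Two design points matter for a scanner like this. First, a pattern match alone produces a flood of false positives (order numbers, phone numbers, timestamps), so each pattern should have a validation step such as the Luhn check wherever the data format allows one. Second, the output is a worklist, not a verdict: a file reported here still needs a human to confirm that the data is real and decide which of the protections in this list (encryption, access restriction, relocation) applies to it.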
- If you move data electronically so that tapes are not lost, or you are planning to do so, ensure that all data transmitted over private or public networks is completely secure. Use techniques such as encryption, the IPsec protocol and virtual private networks.
- Wide-scale adoption of data encryption has been slow, but it is the main technique you should be using to protect data. Consider whether you need to encrypt data in transit or in storage, whether you need to apply it on your network, servers, appliances, and storage facilities, and whether you encrypt at the software or hardware level. Consider how key management is going to be performed in your specific environment and what effect data encryption will have on the interoperability and performance of your business.
- Do not let data security clog up productivity, because that is the fastest way to compromise security within your business environment. Keep your security transparent in terms of who can use data and who can't, and your users are less likely to try to get around the system.
- Are you aware of how safe your data really is? Do you know where it is stored? You might be shocked at how many managers leave all of that to IT and have no clue as to what happens and where. Ensure that you know where your backups and archives are, and check that they are secure. Check that the backup and recovery processes are secure and that the data is stored securely.
- Check with your vendors for network, storage hardware and software to see what their security is within their own environments especially if they are selling security services or technology.
Above all, try to avoid an approach to security that is counterproductive to work; you should be striking a balance between allowing the work to be done and stopping applicable threats from compromising your system.