Is your company
seriously interested in protecting their structured, unstructured and
semi-structured data? This research paper, by the Aberdeen Group, discusses
what best-in Class organizations are doing in regards to data loss prevention,
to set them apart from the rest. This report outlines the different strategies
that companies use to safeguarding their data, and how these strategies, and/or
additional data loss protection efforts sets some companies apart from other in
regards to deploying data loss policies and solutions.
The idea of
protecting data using the perimeter-security model is slowly eroding away, as
more applications become open, flexible and the use of distributed networks are
being considered. Leading firms are now considering an information-centric
approach to protecting confidential data. The industry leaders are identifying,
classifying, protecting and managing their sensitive data more proactively,
instead of reactively.
This report
introduces the PACE (Pressure, Actions, Capabilities, and Enablers) framework
for organizational data security. This framework applies pressure to the
business to protect the organization data and its branding. This protection is
accomplished by taking actions such as developing policies, physically
protecting the data, educating customers in regards to securing data, and
monitoring transmission of data. The capability piece of this framework is to
make sure policies are consistently applied, people take responsibility for data
security, automated processes are developed to protect data, and real-time
notifications are sent out when policies are not followed. Monitoring,
encrypting, and having the tools you need to securely manage your data is the
enabling aspect of the PACE framework.
The strategy
you take at securing your data needs to be more encompassing if you want to be a
best-in class organization. You need to use network and agent based strategies
to secure your data. Data needs to be protected in whichever way it might flow
along the network, as well as protected while it is at rest. You need to
consider an information-centric approach to protecting your confidential data.
From the different organization that Aberdeen Group surveyed they determined
that top-performers in regards to data security had a number of things in
common. The best-in class companies consistently applied policies for data at
rest, as well as data in motion. The owners of the data took responsibility to
protecting their data, as well as documenting and training staff in regards to
securing data. These leading companies gained more knowledge about their
sensitive data by discovering and classifying their data. They also secured
their data by leveraging technology to automatically apply their security
policies. Lastly, they had an effective way to measure their data protection
initiatives.
No matter where
your organization is in the spectrum of data loss and protection you should
consider what additional steps you can take to improve your company’s overall
data protection situation. You should consider developing a set of actions that
will bring your data loss prevention to the next level. This report outlines
the following steps to help organizations succeed in reducing their data loss
liabilities:
·
Discover and classify your data
·
Establish consistent policy
·
Educate users
·
Rollout data protection solutions
·
Automate enforcement
Data loss
prevention does not happen by accident. You need to plan for protecting your
data by defining policies and classifying your data. You need to educate data
owners and users on the importance of data security. You need to develop or
acquire solutions that protect the entire spectrum of data. As you move forward
shaping your company’s security architecture, what are your plans to bring your
company closer, or keep your company as a best-in class company from a data loss
perspective?