Seven tips to improving enterprise data protection


Mark Egan, Contributor
02.11.2009


Enterprise data protection requires a holistic program that encompasses people, process and technology. Too often the emphasis is placed on technology when all employees in a company must play their parts, such as following good password guidelines, for the program to be effective. The following are some examples of best practices for adhering to a data protection policy:

  • Implement a data classification program that focuses on customer, financial and intellectual property information with designated owners of the information. Data protection categories should include confidential, internal use and public, and it is important to put the appropriate controls in place to protect this information. For example, public data should be reviewed to ensure that sensitive information, such as future product plans, is not released outside the company.
  • Develop an enterprise-wide data architecture and manage the flow of critical information throughout the organization -- you will be surprised what you find. Credit card information is an example of data that you need to manage closely and ensure that data protection controls are in place. The good news here is that Payment Card Industry (PCI) Security Standards are very well documented and spell out what an organization needs to do to ensure data protection of this type of information.
  • Encrypt critical information, such as credit card numbers, throughout your environment. If you are handling credit card information, you will need to encrypt this information in order to comply with PCI Security Standards. Cyber thieves can easily sell this information on the black market and will look for credit card information if they are able to break into your systems.
  • Use caution with new technology, including cloud computing or virtualization, as security protection mechanisms such as authentication and data protection are often immature. Two-factor authentication is recommended when accessing these systems and confidential personally identifiable information should always be encrypted. You should also confirm these capabilities before venturing into the cloud.
  • Protect endpoint devices such as personal digital assistants, laptops, memory sticks and cell phones that are used to store critical information. You should put enterprise data protection programs in place to address loss and theft. These devices are essential today and are often used to store customer, future product and financial information. The small form factor makes them very likely to be lost or stolen. You need to be proactive in this area and encrypt data, require use of passwords and leverage the ability to remotely disable these devices, if available.

  • Implement enterprise data protection policies such as strong passwords, encryption, two-factor authentication and remote data deletion for endpoint devices.
  • Update your software development lifecycle (SDLC) process with key checkpoints, such as security architecture reviews, and conduct code reviews to identify common coding errors such as buffer overflows. It is much easier to address software security issues earlier in the SDLC process, and architectural reviews can eliminate many of these issues before any coding has occurred. Code checking programs, similar to spell checking, are very helpful for identifying common coding issues such as buffer overflows. Finally, binary code analysis tools are available to test the actual running of the software before it is deployed.

Security threats are here to stay, and holistic programs are essential to protect the critical data assets of your organization. It is important to develop a roadmap of incremental improvements to your enterprise data protection policy with regular updates for new security threats.

Mark Egan is managing partner of the information security practice at The StrataFusion Group Inc., a management consulting firm in the San Francisco Bay Area. Egan was previously CIO at Symantec Corp. and is the author of The Executive Guide to Information Security. He can be reached at mark.egan@stratafusion.com.

Let us know what you think about the story; email: Karen Guglielmo, Executive Editor


All Rights Reserved, Copyright 2007 - 2009, TechTarget | Read our Privacy Policy