Business Leaders Approaches and Obstacles to Data Security Unlocked
A DMH Stallard panel debate held last week, Securing Your Data in the Data Explosion, saw a lively discussion amongst over 40 senior business leaders on both the strategic and technical issues surrounding data security.
Discussions and debate revealed some reluctance and uncertainty from directors on how to adopt best practice to address some of the issues raised, which was attributed to a number of factors. Security, compliance and who to ask for a second opinion remain key obstacles to moving the businesses forward in terms of IT innovation.
Looking to the cloud
"Moving to the cloud may actually make organisations more secure than they already are. Security through obscurity is not a valid justification for keeping data on your own servers."
Discussion focused on how cloud computing continues to promise to be a fundamental transition in the evolution of IT and business. Audience members cited benefits such as lower costs (dramatically reducing expenses for hardware, maintenance, and IT staffing), greater agility and better accessibility. However, whilst a move to the cloud can bring huge operational and financial rewards, discussion highlighted the complex and challenging under¬taking that requires careful planning and some deep thought about what the businesses priorities are.
Several panellists brought to light that organisations complying with standards such as ISO/IEC 27001, written 15 - 20 years ago may feel that they are secure, but in reality there may be huge gaps in their strategy as the standards do not always take into account the latest forms of IT usage and device, opening them up to severe business risks.
Deletion of Data
"How can you tell that when an external provider says your data is deleted, it really is? Can you ever be 100% sure?"
Several attendees highlighted the issues surrounding the deletion of data, and highlighted some cases of businesses' discarded computer hard drives containing sensitive business and personal data.
There are many companies that deal specifically in data destruction. Panellists covered the key issues to consider when outsourcing this type of service, including making sure the service provider is properly insured and provides audit trails for each destroyed item, as well as ensuring that the business keeps its own audit log. It is also important to identify the kind of data stored on devices, in order to ensure that each item is treated appropriately. Bear in mind that there may be regulatory or legal requirements for information disposal depending on what data is stored on the disk. And, of course, the outsourcing agreement should contain appropriate protections for the business.
The changing role of IT teams and divisions in organisational approaches
"Look into the possibility of outsourcing to enable your IT department to innovate, rather than fire-fight."
Internal IT departments are key to business success in developing the right strategic and technical data security solutions. One panellist commented that "when it comes down to it, your business success or otherwise is down to your IT department's culture - it will be either enabling or empire building."
There seemed to be a division in the style and approach to data security across the attendees' IT departments. One attendee pointed to the need to take informed decisions and to ensure that business decisions are taken for the right reasons.
There seemed to be consensus that there was a divide in the market and that younger businesses seemed to be making the most of technology, whereas businesses which have been in the market for longer are more reluctant and are keen to see the results of the use of such developing technologies before adopting them.
The panel came to the conclusion that the following three point plan was appropriate to move forward with addressing business data security issues:
- Segmentation - audit the data identify via what data you hold and who can access this data
- Ramifications - what are the likely financial and reputational implications of losing this data and act accordingly
- Personalisation - a one size fits all approach is not applicable and each business should take steps that best work for it.
The debate follows the publication of DMH Stallard's recent report into data security.
To register to receive a copy of this report then please email email@example.com.
The report is in addition to DMH Stallard's best practice whitepaper on cloud contracts which was co-authored with Cloud Industry Forum "Contracting Cloud Services - A Guide to Best Practice" . Previous reports have focused on IP "How Manufacturers Leverage IP to Create Value and Safeguard their Futures" and ethical business "How Manufacturers are Embracing the Challenge and Reducing their Risk.