This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
It is getting increasingly more difficult for IT and data security departments to keep sensitive information from moving outside the network perimeter, thanks to the proliferation of data-sharing tools such as email, social media, mobile devices and cloud storage media. The reality is that the data security perimeter is forever changed as data is accessed and stored in multiple locations.
This will become increasingly relevant as more organizations migrate to the Cloud. The Internet Society Hong Kong and Cloud Security Alliance found, for instance, that almost 83 percent of Hong Kong's companies are currently using or are soon going to use cloud services. Most of them are clear on the security implications of this migration. For example, of those surveyed, 56 percent have a good understanding of or have implemented data encryption as a way to help safeguard data.
Workers uploading data to a wide array of unsecured sharing services pose one of the biggest security threats. It is important to note that an insider threat is not just a malicious user or disgruntled employee but could also be trustworthy employees who are just trying to work more efficiently. When workers are unfamiliar with correct policy procedures and there are no systems in place to train, inform and remind them, they can engage in risky information handling. Insider breaches, therefore, are not just a technological issue, but a human and cultural problem. You can install technologies to prevent uploading data to a cloud service, but if your users don't understand the value of the data they are using, they are likely to see the technology as an impediment to their workflow and actively seek methods to circumvent security.
The consistent drop in storage costs has led to the tendency to keep all data forever, which is also having a negative impact on data security. As storage costs dropped, the attention previously shown towards deleting old or unnecessary data has faded. IT security teams are now tasked with protecting everything forever, but there is simply too much to protect effectively - especially when some of it is not worth protecting at all.
Changing Minds, Changing the Culture
Security is not the sole purview of the IT department, but unless executives lead the charge, non-IT staff may cede their own responsibility to IT. When executive sponsorship of company-wide data security is communicated directly to employees, it is less likely that the employees will resist the change. Given the importance data security plays in the health of an organization, it should be considered a crucial business best practice. The most successful companies are those that place a high value on protecting their intellectual property, customer information and other sensitive data.
Sign up for CIO Asia eNewsletters.