When asked if organisations should track all their data to prevent data loss, Chng asserted that it was more important to focus on data protection. "It's difficult to track digital assets as they can be easily duplicated ... so you'll be going on a wild goose chase if you choose to do so." He thus advised organisations to understand where their data is being stored as well as how it is being used and shared before implementing the right security technologies at the appropriate place. The human element is also important when it comes to data protection, said Lee. He explained that no matter how advanced a security solution is, it is only as good as how the user uses it. This is because the solution is dependent on the users' instruction on what to monitor and what will trigger an alert.
As exemplified by the NSA-Snowden incident and the Target breach, outsourcing presents a security risk to the enterprise. One way of minimising this risk is access control, in which employees are given access to specific data according to the requirements of their job, said Chng. He added that organisations should also strengthen their password and identity management systems so that it will be easier for them to manage and track the use of privileged credentials and prevent unauthorised access. According to Lee, organisations can protect themselves from outsourcing risks by including the appropriate security requirements in the outsourcing contract. For instance, the contract should spell out the proper steps the cloud service provider should take if the client/organisation decides to terminate the contract, such as storage destruction and securely deleting the data.