What is enterprise data security?
Here's a typical enterprise data security scenario in corporate America today: There are three people who access a company's data stores. The first, a sales manager, sees the opportunity to match products with paying customers, based on their buying history. The second, a business manager, sees the opportunity to catch the competition flatfooted with unique market intelligence. The third is a hacker who just sees malevolent opportunity.
Your job is to deliver useful information to the first two in real time while denying the third access, information and, if possible, his freedom. How you do that is called enterprise data security.
Most people think tactically about security, yet effective security decisions originate with policy. It pays to take the long view with security, arm yourself with security-product platforms, and defend your company by first shoring up your weaknesses.
Here are some questions to keep in mind when discussing enterprise data security:
Should I focus on the big virus threats or on the broader task of securing my data?
Data security should always be your primary focus, says Jonathan Penn, a security analyst and vice president with Forrester Research.
Threats, like the conficker virus that gathered much attention in the spring of 2009, are topical and, in a perverse cultural sense, sexy. That's what F.U.D. (fear, uncertainty, doubt) is. And there is a satisfying impact when you bring them up in senior staff meetings. They also get a lot of attention in budget discussions.
Of course, you have to take them seriously, but reacting to threats is by definition falling behind events. And while a coherent data-security strategy won't immunize you against every threat, it will prepare you for attacks and internal mishaps, which will lessen their impact.
There's no way to overspend on security, right?
Hold on. Time for an analogy: Every major city in the world has one residential address that's more of a bunker, ready for a siege fit for a Peter Jackson movie. Not only are the chances of such an encounter astronomical, some of these armaments don't even work (thankfully).
Yes, your most precious commodity is your employees' and customers' data, but you can spend too much on security. And if you are listening close enough, you might even know when you're overdoing it.
"Your sales force will let you know," says Gartner security analyst John Pescatore. Put too many hoops between them and the customer database, and you'll slow their ability to sell. That makes for unhappy employees--and fewer sales.
Pescatore says you have to challenge new security procedures and tools for effectiveness as well as overzealousness.
"Ask the question," Pescatore says. "Why are we making the sales staff use three passwords and a token to get to their information?" It's probably over the line and probably wasting time and resources.
Sign up for CIO Asia eNewsletters.