Companies that don't know where all of their most valuable and sensitive data is stored are unable to protect this information from security breaches and data leakages, nor can they demonstrate compliance with corporate governance guidelines and regulations that highlight the importance of ensuring data privacy and integrity.
That's according to Dave Naude, product manager at information security group SecureData. He says enterprises are enjoying a host of business benefits from online business and mobile computers, yet also face a range of new security threats because information has proliferated in every corner of the enterprise.
Employees walk out of the office each day with valuable and sensitive corporate and customer information on their notebooks; workers at remote offices store precious data on their computers, and even field technicians are using handhelds to capture customer information.
"Today, the average company has gigabytes of information spread across the enterprise, on desktops and notebooks, in enterprise databases and servers, and even in handheld computers. To keep this information safe, companies first need to know where it is, and then they need to be able enforce restrictions about who may use this information and how they may use it (for example, whether they can capture it on a memory stick or print it)," says Naude.
"They also need an audit trail to follow in the event of a data leakage or security breach, as well as to show that they have taken reasonable steps to identify and secure sensitive information."
Tough new regulations and growing corporate governance pressures mean organisations must be able to show that they have taken all the necessary steps to protect their information, and by extension, the interests of their shareholders and customers, notes Naude. South Africa's financial services industry, for example, faces the challenge of demonstrating compliance with the Payment Card Industry Data Security Standard (PCI DSS) by mid 2008. To meet the demands of this standard, banks will need to be able to track and monitor cardholder data across their systems and networks.
Naude says organisations face two major problems as they strive to secure the data across their networks: the first is the rapid growth in the amount of information they need to manage, and the other is the fact that this data may be spread across the enterprise on a wide range of systems and in a number of formats.
Enterprises face a particularly tough challenge in identifying and managing unstructured data - all of the information that exists outside structured databases including Word, Excel and HTML documents, image files (such as scanned documents), and multimedia files such as audio logs and videos. "By some estimates, the amount of unstructured data doubles every three months, making it difficult for any organisation to keep track," says Naude.
The portability of information is another problem that companies face today.
By some estimates, 40% of all information breaches are the result of data leaving the workplace on a device such as a notebook or USB memory stick that gets lost or stolen.
Naude says: "To address these challenges, companies should be looking towards automated electronic content discovery systems. The benefits of this class of tools include the ability to quickly identify relevant information; improved compliance with regulations and policies; better enforcement of policies about how data is used and who may use it; and reporting and auditing features that allow one to identify vulnerabilities and demonstrate compliance."
Companies should look for content discovery tools that offer accurate detection so they can perform targeted searches for data that they consider to be important and sensitive. They should also look for solutions that have proven performance and scalability so they can be sure they can quickly discover relevant information, irrespective of how quickly the amount of data on their networks grows, says Naude. In addition, content discovery tools should also provide good reporting tools that allow companies to understand where their information security risks lie.
Share