Is your organisation ready to weather the storm?
The need to share information has never been greater as cross-organisational business processes become deeper and more complex. The movement of digital information, both within a business and across its increasingly porous boundaries to external individuals and organisations, carries more and more risk as regulations are tightened around data protection and personal privacy. Those businesses that stay ahead of their competition in the next decade will be those that put the technology in place to allow them to share content widely, but safely.
- Businesses have always shared information with their customers, partners and suppliers but today this is mostly done electronically There are many inherent dangers in the electronic sharing of information, especially since the dawn of the internet age. Initially the risk was that a business‘s intellectual property may be compromised or its employees exploited or distracted. However, in the last few years the overriding concern has become external regulators, especially those tasked with ensuring the privacy of individuals about who so much data is now collected and stored.
- In order to address these concerns businesses need to have a clear and concise policy about how data should be handled and what happens when a data breach occurs The policy needs to be easy for all to understand and, where relevant, communicated to external organisations with whom sensitive data is shared. It needs to be a single coherent document, kept up to date and easily accessible. Employees must receive regular data protection update training. All of this must be visible to regulators.
- Policy needs to connect people with content and make it clear who has the rights to access and create content and what they can subsequently do with it Most organisations already have a directory of users, and this should be central to the relationship of people to content security. Groups or individuals can be granted rights to access and create content and policy will dictate what they can do with it and with whom they can share it. Some content may need to be restricted to specific locations in which it can be accessed through links with physical security.
- However well implemented a policy is, employees are fallible and the control over external individuals is limited This requires the use of technology to limit and control the actions of users. No single technology will provide all the protection necessary and organisations must ensure that whatever products they use not only fit their policy, but also warn users if they are about to breach it.
- A range of technologies can help protect data in its four main states: stored on stationary devices, stored on mobile devices, in transmission over networks and printed on paper Encryption should be used where prudent although it is not enough on its own; once content is decrypted users can do pretty much what they like with it. This means further measures including end point security, content filtering, web access technology and print management; they all form part of total content security.
- An overriding technology is needed to translate written policy into enforceable IT policy; the term data loss prevention (DLP) has become widely use in the industry to describe this A DLP solution consists of a central policy engine that understands both users and content. All content moving within and to the outside of an organisation can be inspected and checked against policy, warning users of potential harmful content handling or blocking a particular use altogether.
The internet genie is out of the bottle and there is no going back. The free flow of information over the internet is now essential to most businesses. The dangers of letting this continue unchecked are profound and can lead to direct costs through fines and the loss of assets. The indirect cost of customer loss and reputational damage can be immeasurable. IT security vendors have started to come up with the answers and there are now a wide range of products to help businesses protect their content from malicious outsiders and also, importantly, from the unwitting or careless actions of their own employees.
To download this paper you must be logged in.