View Page As PDF
Share Button
Tweet Button
Companies who have information stolen – be it customer data, credit card and banking information, personal health information, or intellectual property – have the same threshold set of questions to ask in approaching the defense of confidential data. First, what data do I have? Second, where is it stored? Third, how do I know who has access to that information? And lastly, how do I know when an event has occurred where that information is compromised? How an organization answers these questions will determine much about how it can respond to a data breach.
 
When considering the data an organization retains, an audit of the data actually in the possession and control of a company can bring surprising results. Entities typically do not properly protect information it inadvertently or unknowingly possesses.  Some examples include personally identifying information or customer financial information that may be collected as part of a transaction that is later not required but remains a part of the system or database.
 
Most companies also believe they fully understand the computer system and know with certainty where sensitive information is stored. Often an audit of a system will reveal surprises about where the information resides, and how fragments of the information may be distributed across a system, making protection and monitoring a significant challenge.
 
Access to information is the first line of defense against unauthorized access or the occurrence of a data breach. Often the credentials of a system administrator are copied and used by bad actors trying to gain access to system information, so simply replying on administrator authorization is not enough to ensure protection of data. Tracking of system activity also is useful in determining the who, when, and what questions about system access. What is missing, however, is the ability to see in real time when confidential data is accessed. The ability to see that activity as it happens ensures faster response time, better understanding of the scope of the data breach, and allow formulation of an appropriate response plan.
 
Presently the market has hardware and software options that allow companies and their system operators to catalogue information, hardware, and access but fail to ensure a full understanding of what was accessed. The ability to know what information a company possesses, to know with certainty where it is located across a computer system’s platform (large or small), to know who accessed, modified, copied, or otherwise manipulated the data is crucial. The benefits of data governance go beyond breach. The cost/benefit analysis of properly protecting data balanced against the cost of discovery and response is clearly positive.  

Finally, having a tool that can catalogue and track data and identify in real time access and/or alteration of the data fundamentally alters the protection and response game. Innovate companies continue to work to create such a tool and its deployment would radically impact the data security landscape. Specifically, compliance, audit, business resiliency and disaster recovery, are all improved using a singular approach. The cost savings to an impacted business can be dramatic even when forensic investigations are required.
 
In sum, knowledge of existence of data, location of the information, control of access to data, information management, and response time to a breach are vital to protecting data and ensuring effective response to intrusion or other data breach.
COMMENT
+