An investment company came into the office early Monday morning and all their data was gone. The computers would not boot up, the screens were black. Company bank accounts and most employee’s bank accounts were emptied. Customer accounts had been transferred out of their control. Within a month, they were out of business. Twenty-eight people are now looking for work, the owner is riddled in debt and legal issues.
Data is your company currency. Companies that lose their data, lose their currency and cease to exist.
You’ve heard it before: data is the lifeblood of your company. When you don’t have access to your data, you can’t get anything done. Do you really think your clients are going to wait around for you to get back to work? Chances are, they’ll move onto the next company that offers what you offer – and as you know, if your clients leave, you’re not making money,
The concern is not just with the internet, the edge of your network, nor is it your software. There is no edge of your network, data moves from program to program, from servers to PCs to smart phones. Managing network security at the edge of the network or the software is important, but not enough. What is the value of your company data at risk? It’s everything!
In a Forrester survey, companies noted their intellectual property comprises 70% of their storage portfolio, and only 30% is customer information.
What to do about it
Most businesses use Policies, Permissions, Access Control Lists, and Roles to manage data security. These are applied to three areas: folders, applications, and services. Once data leaves these three areas, the data is no longer protected. What do you do to protect this data?
Traditional controls manually convert policies into system-specific controls, then duplicate work across all applications and servers where your confidential data moves. Because controls are fixed, administrators must also modify them as risk, workflow, and staff change.
IT quickly becomes inefficient and error-prone. Where data sharing is broader, businesses no longer reliably own the data.
Businesses must leverage new methods to protect data as they move from program to program, from servers to PCs to smart phones. Leading analysts recommend Attribute Based Access Control.
This eliminates the manual steps needed to turn business requirements into security controls as rules are evaluated dynamically with attributes examined when the data is used. Enforcement adapts to risk level automatically so if the category of a document changes, or a user’s role changes, access rights are automatically adjusted. No need to update permissions.
Define business policies
Business policies should be transformed into IT policies that can be automatically enforced across all applications. That way, IT isn’t caught in the middle between business requirements and the physical systems where data is stored.
To protect data, you can incorporate more data-centric controls that target metadata, keywords, properties, and so on. Because evaluation is based on attributes of the data, controls apply consistently as data moves between containers and across systems. Business owners can then set their own information security policies based on which roles should access the data.
Losing data alone is awful – you rely on those records every day. But what really hurts is everything else that comes along with data loss:
Once you’ve lost data once, losing more data is just a matter of time. If you suffered an attack, they’ll count their victory and come back for another. And if you come to expect data loss, you won’t be prepared to stop those who think they can keep getting away with stealing from you.
Remember that data loss can shut your doors and turn your business into just another statistic. Make sure you’re using the right IT security to stay safe from whatever the future holds – contact the team at PC Help Services at (317) 585-0500 or firstname.lastname@example.org to create a comprehensive backup solution for ALL your valuable data.
Absolutely amazing. Matthew came to the office and worked with the laptop I had tried to fix myself. He listened carefully to what I reported, then worked with it for over an hour. He asked if he could take it back to his office to work with it. I agreed on the basis of a two-hour billable cap. He took it back to his shop, I’m sure spent way more than two hours fixing it, and returned to me a laptop I scarcely recognized–faster, working wireless, updated Cisco VPN software–perfection. In the course of his magic, he was always available to discuss the configuration, asked all the right questions and gave the right answers. He met the deadline I imposed. The service was so impressive that I asked about future availability to deal with a small business network if help was needed. There’s a team of folks ready to help.”