Data Security Beyond the Data Center

Discussions about data security are moving beyond the data center

Everyone’s talking about data security. A few years ago, this was a relatively obscure term reserved for use by DBAs and others in the technical community. Data security was seen mostly as a necessary IT function, a fixed cost of doing business.

This is all rapidly changing, right before our eyes. Data security has gone mainstream, making appearances in the Associated Press, New York Times, Wall Street Journal and many other popular media outlets.

Parents and grandparents are asking questions: How is my personal data being used at the grocery store? How can I be sure my medical information is being kept safe? How can I protect myself against identity theft?

The information explosion and the proliferation of electronic devices have turned data security into a topic that can be discussed at the dinner table, not just in the data center.

Business leaders are getting the message, especially since governance regulations around the world such as SOX and HIPAA hold senior leadership accountable for the misuse of data in their organizations. Now data security is seen as a way to earn competitive advantage, retain customer loyalty and attract new business. Innovations around data security are driving business rather than adding costs. In addition, business leaders don’t want sensitive corporate information falling into the wrong hands, such as competitors or disgruntled employees.

But what is data security, really? What are some guiding principles for organizations as they struggle with compliance?

Data security means protecting against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Data security has come to be closely associated with IT since governments, militaries, corporations, financial institutions, hospitals, and private businesses store a great deal of confidential information about their employees, customers, products, research, and financial status in electronic form and transmit it across networks to other computers.

However, data security is broader than that. It includes non-electronic data, like paper medical records or printed documents.

Data security includes the protection of structured data contained in databases and unstructured data in documents and forms, while still allowing needed business data to be shared internally across divisions and externally with business partners, customers and vendors.

This is key: a data security policy needs to protect all data across the heterogeneous enterprise, in both production and nonproduction systems, without impacting business operations. In fact, when implemented correctly, data security can add efficiency and lower cost.

To get started, organizations should consider five key questions. These questions are designed to help focus attention on the most critical data vulnerabilities:

1. Where does sensitive data reside across the enterprise?

2. How can access to enterprise databases be protected, monitored and audited?

3. How can data be protected from both authorized and unauthorized access?

4. Can confidential data in documents be safeguarded while still enabling the necessary business data to be shared?

5. Can data in non-production environments be protected, yet still be usable for training, application development and testing?

Through the alignment of people, process, technology and information, organizations can tackle data security and beat the competition. The goal of data security should be the advancement of business goals, not just meeting legal, regulatory and business obligations.

For more information on how to achieve these goals, check out our white paper, “Data security and privacy: A holistic approach,” and learn about the IBM InfoSphere data security family.

Next week, my colleague Bryan Casey will answer the first question in our series. You can see the whole series here.

