Where the Data Lives
Posted by 
Share this Post
The first step to securing your data is understanding where it actually resides
I am at a family reunion right now, and my grandmother has come up to me on several occasions to talk about security. This is a woman who just got rid of her Motorola RAZR, and is now asking me about data breaches.
If your extended family is anything like mine, talking about IT trends over dinner is not usually a welcome topic, but security is just different. The products, services, and processes that go into enterprise security might not be marketed to the consumer, but consumers are becoming increasingly interested in how their data is being protected by large organizations.
Within the last year or so, I imagine it would be difficult to find people who haven’t been notified that a company that they entrusted with their information has been breached, and that they should pay careful attention to their accounts, whether financial or email.
There used to be more trust. Consumers believed that companies knew how to protect their information, but the events of the last year have caused them to ask more questions. The questions they are likely to ask form the foundation of good security. Consumers want to know what’s happening to their data, how it is traveling, and how their security and privacy are being protected along the way.
Those questions are the same that organizations need to ask themselves. Before you can apply security controls, you need to know where to put those controls. In order to know where to put those controls, you need to know where your data lives, how it moves and what other data it is related to.
In smaller organizations, this might be less challenging. In larger organizations, where the amount of data is exploding and executives at the highest levels are trying to manage the complexity, identifying where your data lives is critical. When you know more about where your data lives and how it moves, you can make more intelligent decisions about how to protect and manage it.
As they say, a problem well stated is a problem half solved.
One of the interesting things about security is that it involves a really intimate understanding of software and systems, and how data moves within them. If you take the steps to secure your data, you will, by default, know more about your data. In turn, you will be able to do smart things with that data.
In this respect, the foundations of data management and security management are inextricably linked. IBM’s InfoSphere Discovery solution can help establish this foundation by documenting what data you have, where it lives and how it is linked across systems.
While security can never be addressed with a single product or service, understanding more about your organization, your risks and your data is a good place to start.
Once you have this information, you can begin applying data security controls such as encryption, database security, redaction, identity and access management, etc.
These are all topics that we are going to address in the future as we further explore the relationship between data management and security management. (Join my colleague, Kim Madia, and I for a weekly series that explores these questions.)
For more information on how to achieve these goals, check out our white paper “Data Security and Privacy: A Holistic Approach,” or learn about the IBM InfoSphere data security family. We also recently recorded a webcast that's available on demand: Reconciling Openness with Privacy: How Automated Data Redaction Supports Data Privacy.
This post is part of the Dinner Table Data Security series. Catch up on the full series.
2 Responses »
Trackbacks
Leave a Response
Entries(RSS)