You can't secure what you can't find
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  management infosphere ibm security data
0 Comments | 2,557 Visits
I am at a family reunion right now, and my grandmother has come up to me on several occasions to talk about security. This is a woman who just got rid of her Motorola RAZR and is asking me about data breaches. If you’re extended family is anything like mine, talking about information technology over dinner is not usually a welcome topic, but security is just different. The products, services, and processes that go into enterprise security might not be marketed to the consumer, but consumers are becoming increasingly more interested in how their data is being protected by these large organizations. Within the last year or so I imagine it would be difficult to find people who haven’t been notified that a company that they have entrusted with their information has been breached, and that they should pay careful attention to their accounts, whether they be bank accounts or email accounts.
There used to be more trust. Consumers believed that companies knew how to protect their information, but the events of the last year have caused them to ask more questions, and the questions they are likely to ask are also where the foundation of good security begins. They want to know what’s happening to their data, how it is traveling, and how their security and privacy is being protected along the way. Those questions are the same questions organizations need to ask themselves. Before you can apply security controls, you need to know where to put those controls, and in order to know where to put those controls, you need to know where your data lives, how it moves and what other data it is related to. While in smaller organizations this might be less challenging, in larger organizations, where the amount of data is exploding and executives at the highest of levels are trying to manage all of this complexity, identifying where all of your data lives is critical. When you know more about your data lives and how it moves, you can make more intelligent decisions about how to protect and manage it.
As they say, a problem well stated is a problem half solved.
One of the interesting things about security is that it involves a really intimate understanding of software and systems, and how data moves within them. If you take the steps to secure your data, you will, by default, know more about your data and will be able to do smart things with that data.
In this respect, the foundations of data management and security management are inextricably linked. IBM’s InfoSphere Discovery solution can help establish this foundation by documenting what data you have, where it lives and how it is linked across systems.
While security can never be addressed with a single product or service, understanding more about your organization, your risks and your data is good a place to start. Once you have this information, you can begin applying data security controls such as encryption, database security, redaction, identity and access management, etc.
These are all topics that we are going to address in the future as we further explore the relationship between data management and security management.
For more information on how to achieve these goals, check out, “Data security and privacy: A holistic approach:” here
To learn about the IBM InfoSphere data security family access this web page: here
*Upcoming Webcast (July- 26)* “Reconciling Openness with Privacy: How Automated Data Redaction supports Data Privacy within IBM ECM:" here