Network Computing is part of the Informa Tech Division of Informa PLC


Down to Business: Back to Security Basics

Enterprises continue to lose, misplace and mishandle sensitive data. The Justice Department and other organizations that should know better are still posting people's Social Security numbers on their Web sites. ABN Amro Mortgage lost (and weeks later found) a backup tape containing personal data on 2 million customers. Ford reports that a computer with data on thousands of employees was stolen from a company facility. A Marriott time-share unit says a backup tape containing personal and financial information on more than 200,000 employees and customers is missing. And so on.

Define and Enforce

Expensive intrusion-prevention, global authentication and information-management systems have their place in the secure enterprise, but they won't keep your sensitive data from walking out the door. Let's go back to Security 101: creating a formal policy on accessing, distributing, storing and transporting such data--who does what and how. Employees must be trained. And then drilled. If data protection is indeed a board-level priority, everyone in the organization must be made aware of that fact, with clear consequences for those who don't follow the rules.

Meantime, enterprises must truly be held accountable for failing to protect personal data. The pundits will tell you that this is mostly a regulatory challenge: Set a national directive on how organizations must safeguard personal information and then audit everyone into submission--à la HIPAA and Sarbanes-Oxley.

Here's another thought: Punish the handful of wrongdoers and bunglers, instead of tying up the masses with more red tape.
