How much data do you have? What’s it worth?

August 21st, 2010 by Stephen Jones Leave a reply »

How much of your business data is stored in widely accessible files on shared network storage. -stored  files typically make up as much as 80% of business data, according to market analyst firm IDC.

Not only is this data  valued by businesses and regulators, but it is prized by malicious insiders. For example,

  •  last July, a former Goldman Sachs worker was arrested for downloading software source code with the intention of taking it with him to a new employer.
  • in 2009, a Microsoft employee was accused of stealing documents he planned to use in a lawsuit against the company.
  • , in March 2010, the Canada Revenue Agency, Canada’s equivalent to the US Internal Revenue Service, disclosed that CRA employees had been accessing hundreds of files and using the information for everything from financial gain to providing preferential treatment for friends and relatives.

. Regulations that address data security–such as Sarbanes Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and others–apply equally to files, databases, applications, etc. So, even if an organization uses financial applications and databases to manage their finances, when financial data that is governed by SOX is exported to a spreadsheet for manipulation, the handling of the spreadsheet must also comply.

Mid-level managers use Business applications and databases to export interesting data for analysis, reporting, presentations and other legitimate business activities. For example, six months of sales data from your CRM to   assess ales trends or to identify operational issues are legitimate sues – but when  and presentations containing exported information are stored on shared file systems for enhanced communications and collaboration, then  you have a data security risk that it will each competirs

 If that data is financial in nature, includes credit card information or has customer details, you may also have a SOX, PCI or personally identifiable information (PII)-related compliance issue to address.

Group based file security policies, diabling usb drives and ports etc is one line of defence

The other is a network monitoring system with alerts and dashbaord indicators that allow you to quickly identify possible breaches and to drilldown to the soruce  of who copied,or  prined, or emailed or chatted about what to whom and when with an evidence trail. This certainty of detection is perhaps the biggest deterrent.

For more information on inexpensive solutions to safeguard your valuble information call us and  ask for Kamlesh -00971 4 3365589.


Leave a Reply

You must be logged in to post a comment.