Is your company seriously interested in protecting their structured, unstructured and semi-structured data? This research paper, by the Aberdeen Group, discusses what best-in Class organizations are doing in regards to data loss prevention, to set them apart from the rest. This report outlines the different strategies that companies use to safeguarding their data, and how these strategies, and/or additional data loss protection efforts sets some companies apart from other in regards to deploying data loss policies and solutions.
The idea of protecting data using the perimeter-security model is slowly eroding away, as more applications become open, flexible and the use of distributed networks are being considered. Leading firms are now considering an information-centric approach to protecting confidential data. The industry leaders are identifying, classifying, protecting and managing their sensitive data more proactively, instead of reactively.
This report introduces the PACE (Pressure, Actions, Capabilities, and Enablers) framework for organizational data security. This framework applies pressure to the business to protect the organization data and its branding. This protection is accomplished by taking actions such as developing policies, physically protecting the data, educating customers in regards to securing data, and monitoring transmission of data. The capability piece of this framework is to make sure policies are consistently applied, people take responsibility for data security, automated processes are developed to protect data, and real-time notifications are sent out when policies are not followed. Monitoring, encrypting, and having the tools you need to securely manage your data is the enabling aspect of the PACE framework.
The strategy you take at securing your data needs to be more encompassing if you want to be a best-in class organization. You need to use network and agent based strategies to secure your data. Data needs to be protected in whichever way it might flow along the network, as well as protected while it is at rest. You need to consider an information-centric approach to protecting your confidential data.
From the different organization that Aberdeen Group surveyed they determined that top-performers in regards to data security had a number of things in common. The best-in class companies consistently applied policies for data at rest, as well as data in motion. The owners of the data took responsibility to protecting their data, as well as documenting and training staff in regards to securing data. These leading companies gained more knowledge about their sensitive data by discovering and classifying their data. They also secured their data by leveraging technology to automatically apply their security policies. Lastly, they had an effective way to measure their data protection initiatives.
No matter where your organization is in the spectrum of data loss and protection you should consider what additional steps you can take to improve your companys overall data protection situation. You should consider developing a set of actions that will bring your data loss prevention to the next level. This report outlines the following steps to help organizations succeed in reducing their data loss liabilities:
· Discover and classify your data
· Establish consistent policy
· Educate users
· Rollout data protection solutions
· Automate enforcement
Data loss prevention does not happen by accident. You need to plan for protecting your data by defining policies and classifying your data. You need to educate data owners and users on the importance of data security. You need to develop or acquire solutions that protect the entire spectrum of data. As you move forward shaping your companys security architecture, what are your plans to bring your company closer, or keep your company as a best-in class company from a data loss perspective?