- Inc. Technology - http://technology.inc.com -
Providing a Safety Net for Confidential Data
Posted By Michelle V. Rafter On August 1, 2008 @ 12:00 am In Data Security | No Comments
No company is an island.
Today, even the smallest enterprise hands over back-office functions to outsiders, interacts with suppliers and clients through joint supply-chain management systems or uses software applications that live on the Internet.
As a consequence of this interconnected style of doing business, companies are at greater risk of having confidential information spill into the outside world, either accidentally or through some form of data theft. “We’re seeing a growing number of instances where contractor personnel are being bribed to steal” data from their clients, warns Jay Heiser, a research vice president with Gartner , the IT research and consulting firm, who recently wrote a report on data security.
It is possible for companies to simultaneously share data with business partners and safeguard it from falling into the wrong hands, according to Heiser and other security industry experts. To do it, they recommend that companies create a data-security policy, use software or hardware appropriate to a particular situation and require any outside party that’s privy to sensitive company information to sign a non-disclosure or other types of contracts.
Before a company so much as transfers a file, managers need a data-security plan to chart how they’ll handle sensitive information, security experts say. According to Javed Ikbal, principal with zSquad , a Boston IT security consulting firm, such a policy should include:
In creating data security policies, companies have to weigh the cost of putting systems in place against the value of the data, Ikbal says. If something’s worth $10 “you don’t put a $10 lock on it, that doesn’t make sense,” he says, but if the price is information is high “you take reasonable measures” to keep it safe.
Controlling access to corporate documents
When a company sends a business partner an e-mail or file, it gives the partner implicit permission to copy, forward or otherwise use the information as the partner sees fit, even if the material was originally encrypted, according to Heiser, the Gartner analyst. While that’s acceptable in many circumstances, in others a company may want to share information but restrict what a partner can do with it. According to Heiser, there are several basic methods of doing this, or what security experts refer to as mandatory access controls. They are:
Companies need to back up policies and technology with contracts that spell out the penalties a business partner would incur for breaching any part of the agreement. Contracts can’t physically prevent things from happening “but they provide the incentives for someone to do what you want them to,” Heiser says.
Article printed from Inc. Technology: http://technology.inc.com
URL to article: http://technology.inc.com/2008/08/01/providing-a-safety-net-for-confidential-data/
URLs in this post:
 Gartner: http://www.gartner/
 zSquad: http://www.zsquad.com/
 Microsoft: http://www.microsoft.com/windows/windowsmedia/forpros/drm/default.mspx
 Citrix: http://www.citrix.com/
 VMware ACE: http://www.vmware.com/products/ace/
 Moka: http://www.mokafive.com/
 Sentillion’s vThere: http://www.sentillion.com/solutions/remote-access.html
 BoardVantage: http://www.boardvantage.com/
Copyright © 2011 Inc Technology. All rights reserved.