The amount of our personal data that is stored online by companies is growing at an alarming rate. While there may be Privacy Policies and at least some form of security in place…is it enough to protect the most valuable commodity that each of us owns?
the intentional or unintentional release of secure information to an untrusted environment
So if that is the baseline definition…what are the companies and governments doing to protect our data? In 2011 Frost & Sullivan published the Int’l Information System Security Certification Consortium’s Annual Report on the Global Information Security Workforce. In the report it estimates that global demand for Information Security Professionals will grow at a rate of more than 13% by 2015…but there is a clear gap in both the number of professionals being created…and the skills that they are bringing with them.
Things like Mobility, Social Media and Application Vulnerabilities are a challenge and each of these things is a potential mine field for our Private Data. Just last month (October 2012) the Government of South Carolina revealed a Data Breach that exposed 3.6 Million Social Security Numbers and almost 400,000 Credit and Debit Card Numbers to an international hacker.
Securing Data is not a quick fix, nor is it a patch that can be applied once and forgotten. The key to securing the information that is entrusted to an organization is investment, vigilance and testing/monitoring. That takes money, effort and commitment. I hear from clients every day that their top priority is Disaster Recovery…my response is typically…when establishing your parameters for the DRP…are you doing a full Risk Assessment? The damage in reputation and credibility from a Data Breach (even a minor one) is potentially far more damaging than a Fire, Flood or Tornado.
In the wake of the Sony Data Breach a couple of years ago, they instituted a Security Framework that I thought was quite interesting:
Risk Management: Find out the data security vulnerabilities of the business and its impact; and the specific information assets that are on high priority.
Governance: Determine the person in charge in protecting the data assets of the business, top management’s commitment and the resources needed to fulfill this task correctly.
Integrated Security: Establish ways to prioritize security investments – IT, physical and personnel security – to reduce the overall risk profile of the company to an acceptable level.
Continuity Planning: Determine the business continuity as to how fast an operation can resume from disasters.
As you can see…the Risk Management is first….with Continuity Planning being the result. Big Data is all around us. Filling more Disks with information may be great for the future (Analytics and Predictive Theory) but would you leave a mountain of cash sitting out in your parking lot unsecured? Slow down, take a deep breath and plan…that is what needs to happen…very soon!
Chris J Powell