Security Syndicate This

Topic Description

Data-centric security: Ensuring security is more than just compliance

By Andrew Lintell, Celestix Networks and Malcolm Gardner, Celestix Networks , 10/05/2010

Print this article Email this article Talk Back! Write to Editor

Join us for SOA & Application Integration in Action Virtual Conference on October 5, 2010. Learn more here.

Recent years have seen an explosion in the volume of data produced and relied on by business and it continues to grow. The IDC forecast study predicts that data volume will increase tenfold over the next few years, itself a significant increase over the period before. Data management challenges facing businesses are not just related to volume, but also to the nature of the information and its importance to both the company itself and the regulatory attention it receives.

The conflicting goals of data availability and security are also a consistent issue, particularly when applied to sensitive and high value information. High value data assets can contain a disparate range of confidential information sets that have specific value to the organization such as earnings sheets, product designs, customer payment details, patent information and so on. Assets often require different levels of access and security related to the inherent value and sensitivity of their content.



To complicate matters further compliance is increasingly high on the list of compelling drivers. Modern standards, like ISO 27001, require a Security Management System to be implemented that is based on an assessment of risk and for technology and process to be applied to mitigate these risks.

However, not all data is the same. Information that is of high value to companies, but is not subject to regulatory pressures like the Data Protection Act, is often overlooked. This information can be of such high strategic value that its compromise could have major financial or public relations implications and possibly disastrous consequences for the company.

Understanding Data Types

When considering the different scenarios within which sensitive data are used, and the risks inherent in these scenarios, it is important to understand the different types of sensitive data an organization has. A recent Forrester study examined the type and value of enterprise documents that contained intellectual property, and found they formed two tangible groups.

Secrets - valuable confidential data such as financial reports, design documents, product roadmaps.

Custodial Data - data that are held on behalf of others such as banking data, patient data, legal contracts etc.

The value properties of each group differ due to the nature of their use and requirement. Proprietary company secrets generate revenue, increase profits, and maintain competitive advantage. Custodial data such as customer, medical, and payment card information has value because regulation or contracts make it toxic when spilled and costly to clean up.

-1-

1  2  3  4  

   Next Page

Our Popular Webinars

Best Practices in Moving Processes to the Clouds

How Can the Cloud Fit Into Your Applications Strategy?

Cloud Data Integration Best Practices

The Economics of Cloud Computing

Data Services Insight: Successful implementation of Canonical Information Models

More Webinars

More Top Stories

Measuring the ROI from web experience management Gold Club Protected

Open for Business Gold Club Protected

Prescription for Pain Alleviation: Transaction Path Detection and Management Gold Club Protected

Five Imperatives for Extreme Data Protection in Virtualized Environments Gold Club Protected

Concepts and Considerations in Highly Available Data Storage Design Gold Club Protected

Top 10 Reasons to Replace Enterprise Search with Unified Information Access Part 2 Gold Club Protected

More Top StoriesTopic Archive

Related News

SOA Software Announces New Repository Capabilities

Amazon Web Services Unviels 'AWS Elastic Beanstalk'

myFreightWorld Technologies Launches Cloud Computing Freight Load Management Services

More News

Explore Our Topics

  • EDITOR'S BRIEFING
ebizQ editorial highlights and updates, compiled by Site Editor Anne Stuart
  • Today's trends: BPM suites are more popular than ever, according to recent BPTrends research. ebizQ Site Editor Anne Stuart shares highlights from the report.
  • Agility e-zine: Don't miss the second issue of ebizQ's new Business Agility Insights e-zine for updates on two key BPM standards and expert advice on decision management.
  • Burning question: How useful is BPM for addressing compliance issues? Join the discussion on the ebizQ Forum.
  • ebizQ editorial: Browse our collection of independent editorial content, including articles, tips, Q & As, podcasts, guest columns, book excerpts and more.
  • Want to contribute to ebizQ? Read our editorial guidelines,then contact Site Editor Anne Stuart (astuart@techtarget.com).
  • Virtual Conferences
  • Webinars
  • Roundtables

BPM in Action

March 10, 2011

The sixth annual BPM in Action 2011 Virtual Conference will explore cutting-edge market developments in BPM and describe how to leverage them for improved business operation and performance. More

View All Virtual Conferences

Dynamic BPM: From Reactive to Proactive

BPM 101: What Is Business Performance Management and What Are the Benefits?

SAP Portal Content Management Video/Self Running Demo

View All Webinars

Best Practices in Moving Processes to the Clouds

Date:Apr 07, 2010
Time:13:00 PM ET- (17:00 GMT)

REGISTER TODAY!

How Can the Cloud Fit Into Your Applications Strategy?

Date:Apr 07, 2010
Time:12:00 PM ET- (16:00 GMT)

REGISTER TODAY!
View All Roundtables
  • Research Library
  • Podcasts
  • News

Joe McKendrick: Part II of II: Designing Evolve-ability into SOA and IT Systems

In part two of Joe McKendrick's recent podcast with Miko Matsumura, chief strategist for Software AG, they talk about how SOA and IT systems need to change and grow and adapt with the organization around it.

Listen Now

Phil Wainewright: Helping Brands Engage with Social Media

Phil Wainewright interviews David Vap, VP of products at RightNow Technologies, and finds out how sharing best practices can help businesses understand how best to engage with online communities.

Listen Now

Peter Schooff: Making Every IT Dollar Result in a Desired Business Outcome: Scott Hebner of IBM Rati

Scott Hebner, Vice President of Marketing and Strategy for IBM Rational, discusses a topic on the top of every company's mind today: getting the most from IT investments.

Listen Now

Jessica Ann Mola: Where Will BI Fit In? Lyndsay Wise Explains

In BI, this tough economy and the increasing role of Web 2.0 and MDM are certainly topics on people's minds today. WiseAnalytics' Lyndsay Wise addresses each of them in this informative podcast.

Listen Now

Dennis Byron: Talking with...Deepak Singh of BPM Provider Adeptia

Deepak Singh, President and CTO of Adeptia, joins ebizQ's Dennis Byron in a podcast that gets its hand around the trend of industry-specific BPM.

Listen Now
More Podcasts

Read More »

  • Most Popular
  • Quick Guide
  • Most Discussed

Nine Great Unsolved Mysteries of SOA:


Distinguishing Cloud Computing from Utility Computing


Business Activity Monitoring and Business Intelligence


The Coming Cloud Computing Standards: Talking Cloud with Tarak Modi


Top 10 Reasons to Use, And Not to Use Cloud Computing


Defending Larry Ellison


Quick Guide: What is BPM?

Learn More

Quick Guide: What is Event Processing?

Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More

Quick Guide: What is Enterprise 2.0?

A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More

What Does Cloud Computing Actually Cost? An Analysis of the Top Vendors


What is the Difference Between Case Management and BPM?


Is There Place in BPM for Data Standard? If So, What Would it Be?


Will Embedded BI Put an End to Data Warehousing?


E-Zine: BPM Quarterly

This new publication from our sister site SearchSOA.com explores workflow, business activity monitoring (BAM) and complex event processing (CEP) issues.

Featured Bloggers

Peter Schooff's Latest Blog Posts:

Read Peter Schooff's Blog
Michael Poulin's Latest Blog Posts:

Read Michael Poulin's Blog
Scott Cleveland's Latest Blog Posts:

Read Scott Cleveland's Blog
Janne J. Korhonen's Latest Blog Posts:

Read Janne J. Korhonen's Blog
Adrian Grigoriu's Latest Blog Posts:

Read Adrian Grigoriu's Blog
Steven Minsky's Latest Blog Posts:

Read Steven Minsky's Blog
Anne Stuart's Latest Blog Posts:

Read Anne Stuart's Blog

View All ebizQ Bloggers