In previous columns, I’ve examined a business glossary and a focus on management of the data lifecycle as two potential starting points for an information governance initiative. This month, we’ll take a look at another approach that is chosen by many organizations—putting data privacy and security policies into place to protect enterprise information.
It is hardly surprising that data privacy and security concerns rise to the top of the list for organizations in a number of industries. The results of poor data protection are well known far beyond the IT community. Aberdeen Group has found that the average cost of a security incident in the era of big data is USD40M.1 Data breaches lead to the sort of headlines no CEO wants to see, and have long-lasting and far-reaching impacts on both businesses and consumers.
Reducing these risks is understandably a high priority, not only for individual organizations but also for entire industries and for governments around the world (for more details, read this IBM paper on business-driven data privacy policies). In fact, more than 50 international laws regulate privacy.2 Some of the most important ones put into place to stem the tide of data security and privacy breaches include:
Failure to meet standards and regulations for data protection can result in damage to a company’s reputation and stiff financial penalties.
What’s needed for an organization to start down the information governance path with a focus on securing and protecting information? Three key areas need to be addressed:
While there are legitimate concerns about the protection of data on mobile devices and in the cloud, structured databases are still the top targets for security breaches. So it makes sense to start your data protection initiative with a focus on IBM® DB2® and other enterprise databases, since these are typically loaded with high-value data.
Not every data breach makes headlines. In fact, breaches that are less visible but occur more frequently often pose serious risks, and are common in organizations across all industries. Just consider these two examples:
These scenarios illustrate a point made by Forrester Research that 75 percent of data breaches come from inside the company.3 It’s important, then, that your own approach to data security and privacy include processes and procedures to protect against the risks of both intentional and accidental breaches from within.
The era of big data presents great opportunities for deepening customer relationships, optimizing operations, and identifying new revenue opportunities. But before you take advantage of the hidden treasure in the new big data sources, it’s important to determine how you will secure the data. Most existing security and compliance solutions will not scale adequately.
According to the IBM X-Force 2012 Mid-Year Trend and Risk Report:
“…a more holistic approach to the entire ecosystem is required. Users should become more aware of how visible their personal data is online, more aware of who has access to it, and more aware of how it can be used against them. This affects not only their social networking, but also their choices of mobile application selection and usage. As an increasing trend, mobile applications are requiring a significant amount of permissions that dilute the ability of users to discern potentially malicious intent.”
How can you start to take control and protect your data? IBM InfoSphere® Optim™ de-identifies sensitive data across both production and non-production environments to comply with data privacy regulations and avoid data breaches. IBM InfoSphere Guardium® helps organizations address requirements for the three key areas identified earlier in this article: understanding and definition; security and protection; and monitoring and auditing. InfoSphere Guardium helps to map sensitive assets inside enterprise databases. It verifies secure installation, provides change auditing and activity monitoring, and reports on auditing and compliance, scaling to secure and protect both traditional and big data.
If securing your data and protecting it from unauthorized access are top concerns for your organization, addressing them may be a perfect way to start on your path to information governance. If you’re already addressing some other governance issues such as creating a common glossary of business terms or managing your data lifecycle, then data security and protection may be appropriate follow-on steps.
There is no single approach to information governance that’s perfect for every organization at each point in time. But you’ll almost certainly benefit from choosing your own best approach and getting started right away.
How are you dealing with information governance in your organization? What challenges have you faced, and what’s working well? Please share your thoughts in the comments!
1 Aberdeen Group, “The Big Data Imperative: Why Information Governance Must Be Addressed Now,” December 2012.
3 Industrial Safety and Security Source (ISS Source)