It’s Christmas Eve and all of your information is in sleep mode in an on-premise data repository. How secure is your data repository? Will intruders like Santa break past your data repository and compromise the confidentiality, integrity and authentication of your data? The truth of the matter is that with the current information revolution, different content has different security needs. The problem with taking extreme security measures and putting everything on lockdown is that you can hinder those trying to work remotely and collaborate outside of the firewall. You cannot look for a cookie-cutter tool to protect your enterprise information assets, as there is no one-size-fits-all solution. An AIIM Webinar on “Information Security For The Modern Enterprise” makes the important point that you can’t rely on technology alone to protect your information; you also need to educate your staff on how to use information wisely.
Some common principles and practices that can guide you on the path to protecting your information are as follows:
- Think about security in everything you do
- Apply the least privilege principle
- Minimize the attack surface
- Encrypt but not as a panacea
- Don’t just secure production areas, but also development, staging and testing environments
- Require access based on usernames and strong passwords
- Remove unnecessary components
- Apply security patches
- Follow secure coding practices
- Monitor and audit, then monitor and audit again.
These tips come from a white paper by McAfee entitled “A Practical Guide to Database Security.” Much of the information in it can also relate to enterprise security. For more information on database security, I’d also recommend a white paper from TechTarget entitled “Best Practices for Database Security.”
One of the tried and true methods for protecting information is encryption. With the rise of cyber criminals and more and more emerging threats, it is a good idea to follow best practices for encryption management so that you have an optimized line of defense. Forrester Research and Venafi have made available a webinar entitled “Emerging Threats and Ubiquitous Encryption.”
One of the hairiest areas to cover is mobile device management (MDM) due to the rise in bring your own device (BYOD). Mobile risks mean that there may be gaps in your information security that you are currently unaware of. TechTarget and Citrix recently collaborated on a white paper, “Rethinking MDM in a BYOD world,” where they assert that it is impossible to manage users’ devices and apps, and that the focus should instead be on business content.
The complexities of mobile computing are creating exponential business risks. Regardless of business size or industry, no organization is immune. With mobile computing, a single misstep is all it takes to create serious business problems. You have to look at the big picture. Once you realize that mobile computing as we now know it is not going away, you can start developing a strategy to ensure you do it right and in ways that can be leveraged into the future. With today’s diversity of devices and apps, mobile has become virtually unmanageable…Rather than struggling to manage each and every physical device, why not implement technologies and processes that allow users to securely access corporate applications, email and documents from all their devices? Focus on where it counts – managing business content.
IBM has provided a valuable tool for assessing the security of your enterprise information. An audit like this is always valuable because it lets you gauge your strengths and weaknesses. This security report card looks at areas such as threat management, application security, identity and access control as well as many others. With regard to information security, ignorance is not bliss, so take this assessment from IBM so you can ensure you make the grade. IBM’s information self assessment