I guess I could have used a different title: “Make Your Data Unsecure and Sink Your Career”! Although IT Leaders spend much of their time worrying about making sure that their IT teams are working together to be successful, that pesky issue of data security keeps creeping into everything that we do. Maybe it’s time for you to make a plan…
What You Are Doing Wrong Right Now
One of the keys to having a successful IT Leader career is to not get caught up in some big data breach incident – it’s hard for an IT career to recover from something like that. Even fancy new IT trends like cloud computing won’t save the day – it just means all of your valuable stuff is in one place for the hackers to attack.
Right now, too many IT Leaders start from the realization that they’ve got a bunch of valuable data sitting on a bunch of servers inside of some data center. Their approach is to install guards (firewalls) and to limit how people can gain access to the data (intrusion detection systems). Although this is a necessary step, it’s not nearly enough.
The Right Way To Do Data Security
So if we know what the wrong (or at least incomplete) way to do data security is, what should IT Leaders be doing? Simply put, you need a new security strategy.
The goal is pretty straightforward. You should be able to protect both your structured and unstructured data no matter where it is: being used by both employees and customers, stored on a network file system, or as it’s in flight over the network.
What we’re really talking about is doing away with the old idea of an IT information security program and instead replacing it with an enterprise risk management program.
What Are The Right Questions To Ask?
Michael Davis is a security consultant who has taken a look at this issue and he believes that there are four questions that need to be asked by the person who owns each piece of corporate data:
- Where is the data?
- What exactly is the data?
- Who has access to the data?
- Why do they need to have access to it?
Taking the time to ask, answer, and remember what the answer was to these questions is the key to developing a sound corporate data security program.
Who Should Be In Charge?
The final question that you need an answer to is just exactly who should have the ultimate responsibility for the security of your data? Interestingly enough, the answer does not lie in IT.
Instead, the experts recommend that a non-technical business-side owner be selected and vested with the power to make all decisions regarding the data in question. By doing it this way, you can ensure that the business value of the data being secured will be part of any decision regarding how to secure it.
What All Of This Means For You
IT Leaders walk a fine line: they need to complete their IT projects as quickly as possible and yet at the same time they need to take the time to make sure that corporate data remains secure. The old ways of doing this are no longer enough.
IT security programs are morphing to become part of a larger enterprise risk management program. Assigning a non-IT person to be responsible for making decisions about a given type of corporate data is the first step. The next step is to make sure that the right questions are being asked.
You can never completely guard against a hacker breaking in and attacking your data. However, smart IT Leaders know that with the right responsible parties and by asking the right questions, it is possible to do a good job of securing the data that needs to be secured.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™
Question For You: What part of the company do you think that the owner of corporate data should come from?
What We’ll Be Talking About Next Time
If IT was a game show and you were a contestant on it, right now it sure seems as though you could correctly answer any question that you were asked by replying “cloud computing”. That’s because cloud computing, basically outsourcing parts of your next IT project’s IT infrastructure and applications, sure seems like a great idea. However, early reports back from the front lines by other IT Leaders are starting to paint a different picture…