Look after your data…

If you have read my previous posts you have probably guessed that I have a bit of a thing about data security. Thinking about it, why do we have security in organisations? What is it protecting? Ultimately it is protecting what that organisation values, which in the IT world is data. Without data, computers are just tin and wires.

This is why I have taken to standing on my electronic soap box and ranting about data security!

I happen to think it is a very important subject and deserves a lot more attention than most organisations give to it.

From my experience there are many excuses, the most common being cost. This really annoys me. It is much cheaper to implement good security and prevent a data breach than to suffer the cost and consequences of having to retrofit security.

The second is “we don’t have anything that needs securing”. Again, this really annoys me and it is utter crap. It shows they don’t value their data. People who have this approach only really value something when it is gone. There are some lighter moments in my life when I see people’s worlds crumble when they realise their data is more important than they were saying.

The third is “we have something already which is good enough”, typically just disk encryption. Don’t start me off on that one again!

I so often see poor data security which was implemented as a knee-jerk reaction. This typically ends in an expensive disaster; swiftly plugging a security hole without any planning leads to years of suffering the consequences.

I am mindful of a case where an overenthusiastic organisation had gone to great lengths to encrypt their archive data following a data breach. Their approach was typical: “we have had a breach, let’s fix it ASAP”. The person that was made responsible for the project dutifully encrypted all of the archive data but did not document the implementation and subsequently left the organisation. The archive data was accessed so infrequently that no one knew they could not decrypt the data without the information in their ex-colleague’s head. Now came the time to access archive data and they found they couldn’t; there were terabytes of scrambled data that was no use to them.


*** This is a Security Bloggers Network syndicated blog from IT Security & Encryption authored by Duncan McDonald. Read the original post at: