That two major companies have made headlines is more an indication of the overall state of data security within organizations. No one would deny that both organisations have the means to deploy the best technology; the problem, I would suggest, is that they both appear to have placed too much trust in the integrity of staff, and were overly dependent on staff carrying out their responsibilities effectively. Despite the fact that the buck stops at the top, the first people who should come under serious scrutiny are the senior security staff whose job it is to ensure that these incidents do not happen.
Passwords – Protecting the Key
Passwords remain the primary key used to unlock access to business-technology systems. Passwords need to have limited use-life. System-level passwords, such as those used to gain access to networking equipment and server/application administration need to be changed regularly, and in some cases should be “one-time-only”. All privileged or “super” user passwords should be centrally maintained and managed. Basic employee passwords used to access business applications, computers, e-mail accounts etc., should be similarly recycled regularly. Despite widespread knowledge of sound password policy, many organizations still fail to adequately create, manage, and retire their usernames and passwords effectively.
Securing Data – Hiding the Family Jewels
Given the continuous news of lost backup tapes and unauthorized access to corporate databases, more attention needs to be given to the effective encryption of “data-at-rest”. Encrypting stored data can be one of the most critical facets of an organization’s defense-in-depth strategy.
Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks continue to become increasingly accessible, with more and more organizations adopting an “Internet Centric” model, the risks that information will be intercepted or altered in transmission become more difficult to manage.
This is the very essence of the Vaulting Technology. Vaulting Technology makes certain that an inevitable slip in an organization’s security posture won’t result in stolen intellectual property, or having to inform customers that they’re at risk of identity theft because their personally. Today many companies are still exchanging highly sensitive data by courier because the infrastructures they have in place have not addressed the protection of highly sensitive data. It’s a bit like having email but still relying on the Pony Express for the really critical stuff! Certain traditions are not worth keeping!
There was a day when everything was committed to paper and locked in a secure vault or safe in the office. Nowadays everything is digital, but it still needs to be locked away in a digital vault. After all, somebody is bound to forget to lock the door sooner or later.