What has changed, however, is the regulatory environment within which many organisations now operate. Corporate governance legislation demands that certain information is retained securely, particularly when it relates to the financial management of the company and the manner in which it interacts with customers. Furthermore companies are required to manage their operational risks effectively through business continuity, which also relies on essential information being securely stored. As a result of recent high-profile cases of infringements, the regulators have become more vigilant, focusing on preventing any breaches, rather than post facto investigations. As a result secure storage and the protection of stored data has zoomed up the corporate agenda, and organisations need an effective policy for managing it.
There are three elements to any policy: people, processes and technology. It is tempting to focus almost exclusively on the IT, at the expense of everything else, and it is easy to see why. There are numerous technologies available for securing storage that operate at several levels. The data that is being stored can itself be secured through the use of encryption; digital certificates and watermarks; file splitting; or even highly locked down pdfs that prevent records being tampered with once they have been created and saved. In addition, the storage systems themselves can be protected. A new generation of wide area and caching systems can be used in conjunction with encryption technologies to preserve data when at rest, in transit or at presentation. Record management systems and storage-specific WORM (Write Once Read Many) products are also available to enhance archiving and storage security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.