Less is more for data security strategies

Clear data security expectations must be set across the organization.

When data security scandals rock the corporate community, the finger-pointing begins shortly thereafter. Customers and regulators decry the company’s lax protection protocols, business executives deflect attention onto IT teams, and CIOs bemoan a lack of resources in an era of clever criminals and careless co-workers.

While there is no one-size-fits-all answer regarding the root cause of the problem or how it can be solved, Network World recently outlined several culprits seen time and again.

A lack of standards
When IT administrators are asked about their standards, it is not a question of morality. More appropriately, the discussion centers on the technical specifications and departmental policies they subscribe to. All too often, tech teammates march to the beat of their own drum.

This can often be seen in the brand(s) of encryption a company deploys. This fundamental data security technology can go a long way toward keeping information, and stakeholders, safe, but only when guided by expert hands. According to Network World, inexperienced IT administrators have been known to improvise solutions when in doubt, often relying on standards that are no longer considered best practice. What’s more, new or disgruntled employees may independently decide to revert to the tools they were most familiar with from a previous position.

As a result, subscribing to multiple encryption standards could be as damaging as establishing no expectations at all. If only one administrator understands how a data set is scrambled, they hold exponentially greater power over how that information is accessed and used. Without the proper checks and balances, that could be a recipe for disaster. Even if that administrator has only the best intentions in mind, Network World noted the redundancy and expense that come from this lack of standards.

An abundance of confusion
Another similar but distinct source of data security risk is the general confusion that comes from disparate management frameworks.

Each time an ad hoc security solution is thrown into the mix, a new set of access, monitoring and control responsibilities is created as well. But according to Network World, the prevailing lack of centralized management turns safe administration into a seemingly insurmountable task. From misconfiguring a new application to failing to recognize a stalled backup process, there are any number of ways an overtaxed IT manager can make mistakes if spread too thin.

Aside from establishing a centralized form of security solution deployment and regulation, consolidation and standardization can help employees deflect threats when IT leaders cannot.

In an era when workers at just about every level of the organization have data access and management responsibilities, security officers must find a way to make sure their best practices are adopted by everyone. As recent events have shown, even big-name companies have room for improvement in this area as clever cybercriminals display a growing appetite for infiltrating companies through the ground floor.

Singling out a solution
To bring order to chaos and address lingering data security vulnerabilities, security squads will need to come equipped with unified strategies. Networks are too distributed – and stakes are too high – for companies to continue making up protection plans as they go along.

According to RIS News, the path to progress begins by assessing the volume, variety and sensitivity of data in the IT ecosystem. From there, companies are better positioned to adopt a big-picture perspective and prioritize their security needs.

But once these individual data destinations have been identified, security teams must start drawing lines back to a central point of origin. Functionally speaking, that should be a physical location and role-based position from which tools and policies are selected, deployed and monitored. With the benefit of greater simplicity and visibility, managers will be better positioned to offer coherent and effective rules for the rest of the organization to observe and follow.

What are the data security stumbling blocks within your organization? How will your plans scale to meet the era of big data? Let us know what you think in the comments section below!

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.