Secure — From the Inside Out

Photo: Hotshots Imaging

Jim Shanks, Executive Vice President and former CIO of CDW

In a recent poll of BizTech readers, technology managers named remote access, disaster recovery and security as their top three IT priorities. The last thing any business would want is to have their company’s sensitive data wind up in the wrong hands. As businesses invest in electronic data systems and infrastructure, intellectual property in the form of data — not hard cash or capital assets — has become the new currency. That’s why a growing number of IT managers are shoring up their networks with security tools to ensure that no data leaks out — accidentally or on purpose.

When it comes to security options, market research firm International Data Corp. reports that 81 percent of IT managers invest in some type of data technology to protect and control their sensitive information. According to IDC, data loss prevention (DLP) and encryption are the key features of a comprehensive data protection strategy.

What’s driving the increased investment in DLP and encryption? For starters, as businesses revamp their infrastructure and increase productivity through new technology systems, data becomes more and more central to a company’s viability and competitiveness. That data — such as customer lists, margin reports and pricing algorithms — help define the competitive differences among businesses, making them too precious to put at risk. Additionally, an increasing number of businesses must also comply with numerous regulations that govern the handling of confidential data.

Sharp HealthCare is a good example. The San Diego-based health-care provider must not only comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), it must also prove that it’s in compliance. After putting comprehensive data loss prevention tools in place, the company says it reduced security policy violations by 70 percent in the first year of deployment. The tools Sharp chose also have helped the health-care provider maintain the detailed documentation that proves it complies with those regulatory provisions.

More Than Software

Software tools are critically important — and a good start — but they have to be coupled with training that heightens employee awareness. With restrictions on access and tools to audit usage, the next step is limiting and controlling access to sensitive data to authorized users and training those users to handle this information properly to reduce the risk of data loss.

“Most employees mean to do the right thing; they don’t want sensitive data to leak out either,” says Starla Rivers, technical security architect at Sharp HealthCare. “Our challenge is to make it easy for them to comply.” Rivers adds that training programs and technology tools need to be “something that we are doing for them, not to them.”

As Rivers points out, employees may mean well, but if they aren’t in the mind-set of looking out for potential leaks, they can’t be expected to cooperate. The reality is that the software is fairly easy to deploy and doesn’t require much extra work from the staff. There should be little impact on the typical day’s work flow.

“The important thing is that there be no surprises,” says Kam Golpariani, vice president of security risk management at First Advantage in Poway, Calif. “This can’t be something that comes out of left field, which is why a phased rollout is the best approach.”