The #1 legal concern: data security

January 30, 2013

Inside Counsel magazine recently reported that data security is the top issue cited by more than half of in-house lawyers. This was reflected in a conversation yesterday at the IACCM Board Meeting, where both lawyers and non-lawyers highlighted its growing importance.

The Inside Counsel article focuses on the need to understand the nature of the data possessed within a business and then to take steps for its protection. It concentrates largely on worries over regulatory compliance and reporting, so various forms of personal data lie at the forefront of concerns. Since some level of hacking appears inevitable, the advice relates largely to the steps needed to limit potential fines and to eliminate the need for reporting. Much of this revolves around encryption, but also the need to analyze data flows to ensure weak spots are identified.

At the IACCM meeting, perhaps because more of the companies represented are B2B, the focus was somewhat different. For them, data security was also about critical business data – product development, strategic plans, customer records. The concern is more about the exposure that arises from links with trading partners – the extent to which shared systems or information access create a gateway to wider data loss. The implications of this force companies to consider a wider array of solutions. These include terms and conditions that commit trading partners to appropriate steps and contain penalties for failure. They often incorporate some right of audit or validation.

But ultimately, terms and conditions are a relatively weak form of protection, because the most likely causes of a data security breach are that a trading partner either lacks size and sophistication or lacks integrity. And these issues will typically be fixed in only one of two ways: do the work in-house, or select top-quality partners who cannot afford reputational damage.


Defensible Disposal with Automation

September 13, 2012

It’s no secret that the data on corporate servers is growing exponentially. Documents, presentations, media, spreadsheets, and other files are constantly being created and moved onto servers, and after a while, most of it is rarely used, if at all. However, much of this stale data must also be retained, either to meet regulatory requirements or to maintain business continuity.

Many IT departments are faced with the reality of having to either continually expand their storage infrastructure or try to accurately determine which data can be safely disposed of. The first option is costly and basically means paying for information you’ll never use, while the latter can be costly in terms of man-hours and brainpower, especially without an automated process in place.

Let’s examine the options a bit more closely.

Do Nothing

While it may seem simpler to keep expanding your hardware and hold onto every bit just in case it is needed some time in the future, this sort of inaction with regard to defensible disposal is simply not a viable option. Allowing vast amounts of data to accumulate will make it increasingly difficult for users to find relevant data, slow down e-discovery, cause servers to perform poorly, and possibly even crash them, costing your business precious time and money.

Do Anything

Taking the wrong action can be just as damaging. Deleting your CEO’s old email archive might result in a very uncomfortable conversation; disposing of files that you are legally obligated to retain (for HIPAA, HITECH, SOX, etc.) can cost people their jobs, and possibly result in legal action. That’s something no IT professional ever wants to have to deal with.

Do the Right Thing

It should be clear by now exactly why proper defensible disposal techniques are integral to the survival of any business, especially those with sensitive data. Proper disposal techniques can save money and time by streamlining the process of deleting useless data and allowing admins to focus on other, more pressing needs.

If you’re finding that the process itself takes quite a bit of planning and/or some sophisticated technology to do most of the heavy lifting, consider automating with technology like the Varonis Data Transport Engine. Varonis DTE simplifies the process of defensible disposal by leveraging our Metadata Framework, allowing admins to automatically and continually delete or migrate data based on a wide array of criteria, such as the content of the file or the date it was last accessed by a human user. This ensures that information that needs to be retained isn’t disposed of by accident and that the data that can be safely deleted proceeds safely to bit-heaven, or bit bucket, or /dev/null.

