Adopting a data protection focus

January 24, 2010 Leave a comment

Adopting a data protection focus begins with understanding that the focus or risk management should include a greater focus on data.  Securing the data held in these services begins with the understanding that security and IT no longer have direct control over the location of the data, or how it is accessed; cloud based services and SaaS applications puts users in control of data.

Applying the CIA (Confidentiality, Integrity and Availability) rules to data is a good way to frame a data protection focus.  Using the diagram – Data Protection Focus, consider how to protect the data stored and processed in the cloud based services when you have no means of controlling access to it or who uses it, when ‘too risky to allow’ isn’t an option.  One way to resolve this problem is to work with business and technology peers to consider what data should be exposed through a risk vs. value governance process that balances corporate growth and efficiency with regulatory compliance.

What is evident is that protecting data is no longer a pure technology task; a data protection focus relies on governance and open business collaboration.

Filed under Information Security Tagged with , ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.