What to do to ensure your organization is protecting information and complying with such rules as PCI DSS and HIPAA.
By Bart A. Lewin
January 16, 2012
Noncompliance with good business practices and external regulations, such as PCI DSS for credit card data or HIPAA regarding healthcare information, can result in significant fines, damage to an organization’s reputation, and other severe consequences. By incorporating quality, tested products and services, organizations can avoid risk through effective data protection.
Here are five tasks organizations should undertake in order to protect data and ensure regulatory compliance:
- Assess Quality: As part of any system implementation process, organizations should review the meaning, quality and timeliness of the data stores in sensitive areas, including those that contain regulated information or intellectual property. This will identify, for example, databases that may need special attention to secure, or sensitive data that resides on smartphones, laptops, home computers or other unmonitored platforms.
- Outline Data Touch-Points: Develop a map that outlines all the groups and individuals that contribute to relevant data stores. Include the applications used and the business purpose of the data. This will enable applications to be secured with minimal impact on business operations. It will also improve the general understanding of the protection procedures and reporting that are in place.
- Perform Periodic System Reviews: Post-installation system reviews have many advantages. As new applications are deployed in organizations, it is critical to ensure they have not introduced new vulnerabilities. Organizations moving toward inexpensive cloud applications, say, online backup services in which data is stored outside the firewall, will need to weigh the economy of such solutions against the risks of placing sensitive data in the hands of outside vendors.
- Create Comprehensive Security Policies: Seek advice from experienced professionals in the field and develop a specialized security policy that is then documented and enforced both by the operation at large and by the IT solutions themselves.
- Design Complete Solutions: Consider engineering a complete solution built with a portfolio of complementary products. By leveraging best-of-breed database security solutions, organizations can be protected from breaches.
Bart A. Lewin is president of Woodland Hills, Calif.-based Datalytica, Inc.