Thank you for Subscribing to Apac CIO Outlook Weekly Brief
Enterprise Security - Keys to Enhance Data Security
By Daniel CS Yeo C.I.P.M, Business Development Director, HaloData Infokom Sdn Bhd
Trending technologies in these last decade, enterprises are either busy chasing corporate numbers or intrigued with courting social status in social media that many have not been putting enough attention at the most crucial aspect of an enterprise, i.e. security.
Enterprise Security consist of many aspects and within the Information Security context, Data Security could and would be the most important asset in an organization that many are still not treating them with utmost priority nor having enough knowledge on how to set up " defense "parameters to safeguard enterprise data that could consist of financial, patents, trade secrets, clients, patients and personal information.
With the emerging of disruption technologies and the lacking of training or knowledge on how to utilize them properly, enterprises are jeopardizing themselves in security breach, particularly their data.
Whilst there are a lot of organizations that pride themselves in complying with or achieving the requirement of industrial standards in their area of expertise, many have overlooked safeguarding their data internally. Many are ignorance of the fact that mismanaged and misused of data of the enterprise will have serious consequences to the organization, in the face of its reputation as well as the possibility of running into legal complications, such as breaching the Personal Data Protection Act.
We shall look into some key areas that companies should consider in regards to securing their data as well as mitigating risks. Following are a few key highlights that we should look into :
Data classification BYOD (Bring Your Own Device) policies Data encryption
Rights to access data
Data Classification :
Data classification has been one of the oldest forms of securing data in an organization. However, and surprisingly, general perception of data classification is those only government agencies and a few private sectors such as insurance or banks practices data classification in documenting their information.
In any day of operations of an organization and for argument sake we shall take small enterprise as an example, flow of data like financial and clients information could be channeled out without taking into consideration of its sensitiveness and significance. The sense of ownership of the data sent by sender could almost be zero!!
Enterprises should take pro-active approach by enforcing data owner to classify their data, base on its sensitivity prior to releasing the information to recipients. Ownership must be enforced by companies to data owner.
BYOD (Bring Your Own Device) Polices :
Competitiveness has driven businesses to be more cost conscious and some have taken steps as to allow employees to bring their own devices like laptop, pen drives and mobile phones to access to company’s data and information in