Take data security beyond the firewall – protect your information at the source

Data security is a critical component of any organisation’s arsenal, particularly in light of the growth of connectivity and rapid growth in the rate of crimes perpetrated online and against computers.

May 6, 2013

By Gareth Tudor, CEO of Altonet

Data security is a critical component of any organisation’s arsenal, particularly in light of the growth of connectivity, the well documented data explosion, and rapid growth in the rate of crimes perpetrated online and against computers. Without adequate data security, organisations leave themselves vulnerable to hackers and other cybercriminals, information theft, identity theft and more. This need is well understood at the corporate server level, where firewalls work to prevent those with malicious intent from gaining access to sensitive corporate data.

However, a firewall is simply no longer enough, as the growth in mobility means that many more people have data literally ‘walking around’ on their laptop computers, on portable storage devices, and even on phones and tablets. Because of the portable nature of these devices, they are prone to theft or being lost or left behind, which then creates vulnerability if these devices contain sensitive information. With the impending implementation of the Protection of Personal Information (PoPI) Act, protecting this information, especially when it pertains to customers, is even more critical. In order to comprehensively protect data, it is necessary to address data security at the source – on the laptop or storage device itself, with encryption and security tools to deliver data protection, access control and rights management.

From emails to online ordering, credit card information and customer data, digital information has become part and parcel of today’s business. As volumes of data and the variety of data transactions have continued to increase, the value of this information has increased accordingly, making it an attractive target for criminals. This data is the lifeblood of the organisation, and if it falls into the wrong hands the consequences can be dire. This confidential information, should it be leaked into the public domain, could seriously affect the viability of a business. Added to this burden, PoPI demands that any information about or relating to customers be kept securely. If notebooks and PCs are stolen, and this data is not protected, not only could organisations face business and profitability challenges, they could also receive hefty penalties for breach of PoPI.

While traditional anti-virus and firewall solutions will protect servers and the information they contain, and will protect the PC or notebook while it is within the corporate network, once the notebook leaves this network it is no longer secure. Mobile storage media are also vulnerable to theft, and need to be protected no matter where they are.

On-device data encryption and security can help to prevent data on any of these devices from being accessed unlawfully, helping organisations to comply with the requirements of PoPI. These solutions enforce the encryption of data with no effort from the user, ensuring maximum uptake. They also provide a platform to manage security policies across PC’s, notebooks and portable data storage devices, including external hard drives, flash drives, CDs and DVDs. Rights management and access control ensures that only permitted users can view data, and policies can be set as to which data must be encrypted.

Encryption and management can be conducted remotely, so that the experience of the user is not affected, and all of the nominated files or folders are automatically encrypted. The user remains the only person with access to the encryption key, so that not even the IT manager can gain access to the data itself. On-device encryption and security also provides full reporting and audit trails for demonstrable PoPI compliance.

Data can be forced into quarantine according to access management rules, if the data is not accessed for a specified length of time. Data can also be remotely wiped from a notebook, PC or digital storage medium, to ensure that there is nothing for criminals to find should devices go missing or be stolen. To further enhance security, on-device encryption can be linked into cloud-based backup and restore solutions, so that encrypted or quarantined data can be downloaded back to any computer ad then decrypted by the user, so that should devices be stolen, there is minimal disruption. These features work together as part of a comprehensive security plan to protect confidential information and enable PoPI compliance.

An all-encompassing data protection strategy is critical to today’s business, and once PoPI comes into effect, this sound business practice will also be legally enforceable. Notebooks, computers and portable storage media go missing all of the time, and organisations need to take steps to prevent any customer information stored on these devices from falling into the wrong hands. On-device data protection and encryption can help businesses to develop comprehensive data management and protection across the organisation, closing up loopholes and protecting against vulnerability.