IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
 * Managing Change: Centralizing Your IT Organization
 July 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 

Caveat

 

Busting the 10 Myths About Data Protection

Whether from security breaches or careless insiders, data protection is on the mind of every CIO these days. However, many don't know that it's steeped in misconceptions.
 

By Jim Haskin, CIO, Websense

January 11, 2008CIO — Data breaches happen all the time in industries ranging from retail to government. Protecting data is a key concern for CIOs, but there are a lot of misconceptions about data protection. Here we'll debunk some of the myths and explain best practices for protecting data without impeding daily business operations.

MORE ON Data Security
The Perils and Promise of Real-Time Data
Survey: Most Companies Clueless About Costs of Unsecured Data

Myth No. 1
Information leak prevention is the security administrator's problem.
Securing companies from external threats such as viruses has long been in the security administrator's realm, but securing the company from information leaks requires a much broader view. Today, the challenge of protecting sensitive data spans business units—from IT to the legal department to the boardroom. Every day, CIOs face the challenge of putting the necessary technologies and processes in place to protect confidential data and comply with federal regulations, but they have to accomplish this without impeding daily business operations.

Myth No. 2
If I block instant messaging, Web-based e-mail and external storage devices, I don't need to worry about information leaks.
Controlling instant messaging, Web e-mail and external storage devices may increase basic data security; however in today's connected world, putting tight restrictions on information flow can hinder business process and ultimately constrain company growth. Effective leak prevention requires the ability to keep information inside the company's walls without disrupting its legitimate use for normal business operations. Information management requires a balanced approach. Best practices include building leak prevention policies around things like instant messaging and Web usage, as well as using a growing number of technologies such as endpoint security and encryption technology to enable employees to leverage external storage devices safely.

Myth No. 3
I know where my data resides.
Most companies don't have a good handle on where their data lives, whether on file servers or company laptops. Understanding who has access to data and where it flows inside and outside the network is crucial to managing information. In addition to identifying sensitive information, CIOs must understand other areas of exposure, such as unsecured endpoints and whether Internet use policies for common data loss vectors (like instant messaging and Web surfing) exist and are being enforced.

Myth No. 4
I should be most concerned about protecting my data from data theft and malicious internal leaks.
Malicious data leakage and theft is certainly important to address; however most leaks are not intentional. Mistakes, deviations from existing business or IT processes, and the negligence of employees and contractors can result in leaks. In fact, according to Forrester Research, more than 70 percent of all leaks are accidental. With e-mail auto-fill for the intended recipient on nearly every computer, it is easy to see how e-mails accidentally get sent outside the corporation. When developing an effective information leak prevention strategy, you must focus on accidental data loss to address the majority of the day-to-day risk.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Choose a mobile device platform with familiar programs and simplified management

How to Manage the Mobile Work Environment

How to simplify mobility and reduce the cost of supporting mobile workers

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Webcast: Best practices in application security: How do you stack up?

White Paper: Juniper Networks Ethernet Switching Solutions Reduce Operational IT Expenses

Webcast: Learn why companies must invest in an agile network infrastructure

White Paper: Businesses Thrive by Unifying Business Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

Renowned Engineering Institution Chooses AMD Processor-Based Servers

High-Definition: The Evolution of Video Conferencing

Managing Mobility: An IT Perspective

Unify and Conquer: The Benefits of Unified Communications.

Webcast: Increase traditional notebook computing ROI

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

The New Foundation of Storage: Xiotech's Intelligent Storage Element

Green IT: Reducing Your Carbon Footprint with Citrix

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Top 10 Reasons to Go Green in IT

Transforming Virtualization into a Competitive Advantage

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

Network Immunity Manager Video

Cost-Effective Data Center 1U Server Solutions

Automate Business Processes - Try a Free Mashup Composer

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get Control of Mobile Data (and More)

Mitigating Risk with Security Assessments

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Webcast: Building an Optimized Infrastructure

Juniper Networks is changing the economics of networking with a no-compromise, highperformance and service-oriented approach

Research about the efficiencies created by different operating systems.

Unified Communications Software: The Death of VoIP?

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Seeing is Believing: The Value of Video Collaboration

Getting Network Management Right: A Gartner IT briefing

Demonstrating the Business Value of Mobile Device Management

Oracle Database 11g: Real Application Testing & Manageability

Key challenges facing today's IT service and support

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Extending PCI Compliance to the Mobile Workforce

Webcast: Why standardizing your ECM platform is so critical to your success

White Paper: WebMethods Business Process Management Suite

Gaining Transparency in IT Outsourcing

Top 10 Misconceptions about Performance and Availability Monitoring

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

Microsoft System Center - Designed For Big

Read Forrester's advice for deploying an enterprise mobile solution