- What is enterprise data security?
- Should I focus on the big virus threats or on the broader task of securing my data?
- There's no way to overspend on security, right?
- Can I safely cut my security budget?
- How do I get the CEO to buy into on my strategy?
- I'm looking long-term. My systems are platform-based. My security stance mirrors the threats. Do I still need to focus down to the individual packet level?
- Should I derail a project nearing completion to insert security measures?
What is enterprise data security?
Here's a typical enterprise data security scenario in corporate America today: There are three people who access a company's data stores. The first, a sales manager, sees the opportunity to match products with paying customers, based on their buying history. The second, a business manager, sees the opportunity to catch the competition flatfooted with unique market intelligence. The third is a hacker who just sees malevolent opportunity.
Your job is to deliver useful information to the first two in real time while denying the third access, information and, if possible, his freedom. How you do that is called enterprise data security.
Most people think tactically about security, yet effective security decisions originate with policy. It pays to take the long view with security, arm yourself with security-product platforms, and defend your company by first shoring up your weaknesses.
Here are some questions to keep in mind when discussing enterprise data security:
Should I focus on the big virus threats or on the broader task of securing my data?
Data security should always be your primary focus, says Jonathan Penn, a security analyst and vice president with Forrester Research.
Threats, like the conficker virus that gathered much attention in the spring of 2009, are topical and, in a perverse cultural sense, sexy. That's what F.U.D. (fear, uncertainty, doubt) is. And there is a satisfying impact when you bring them up in senior staff meetings. They also get a lot of attention in budget discussions.
Of course, you have to take them seriously, but reacting to threats is by definition falling behind events. And while a coherent data-security strategy won't immunize you against every threat, it will prepare you for attacks and internal mishaps, which will lessen their impact.
For more on Enterprise Security, see CIO.com's Security Drilldown.