If one thing in this world is certain it’s that whatever plans you make, something will ultimately happen to scupper them... the Titanic’s designer was confident that his design was fool-proof, but the iceberg proved him wrong. The best one can do is try to think of every conceivable variable and take appropriate actions to counter them. However, not everyone thinks like that.
In modern business, there are risks around every corner. Some are known (i.e. playing the stock market, entering new markets etc.) and some are not (i.e. the financial meltdown). However, there are many risks that should not be risks at all. What am I talking about? For every company on the planet, one of their key assets is their data. From the local delicatessen to the multinational retailer, data is the lifeblood of any organisation. Protecting that data is imperative and is a risk that should never be taken. However, some companies have failed to do this and the repercussions have been immense.
In 2009, there have been a number of high-profile data breaches, ranging from mobile operators, government departments to retailers, and in a lot of the cases individual employees have been to blame. To err is human, but when it comes to risking the lives of the general public then such risks are unacceptable and the blame has to lie with the company more than the employee. Let’s take the example of Health Net, a US-based health care firm, which ‘lost’ an external hard drive containing financial and medical information on about 1.5 million customers. The data was not encrypted and the information on the drive also included social security numbers for customers spanning Arizona, Connecticut, New Jersey and New York. Come on guys... surely it’s common sense to encrypt data, especially when it’s so sensitive?!
This is where I have trouble understanding some companies. Whether in the public or private sector, it’s a company’s responsibility to protect its information (even more so when that includes privileged information on the public) but it seems that some firms don’t agree with me. There are hundreds of end-point security solutions on the market that ensure, for example, laptops, USB drives and portable hard drives can be encrypted, but it seems from what’s happened recently that IT departments prefer to play Russian Roulette with their data. This is insane! If my privileged information was lost because of an organisation’s hap-hazard approach to security I would be outraged.
So what can be done? Apart from lobbying businesses to show more common sense and encrypt end-point devices, the most prudent approach is to encrypt data at the heart of the organisation – the network. Policies have to be put in place to protect sensitive information, so why not start at the heart of the business. By encrypting data at rest, companies can mitigate risks and ensure data integrity at all times. It also sends a positive message to employees; the business takes data security seriously so you should too (or find new employment). Brocade’s fabric encryption solutions can help businesses address network security issues and promote best-practice throughout their organisations.
As consumers, we need to be more vocal. I am sure the 1.5m Health Net customers are shouting from the roof-tops right now, but that’s after-the-fact. Consumers need to lobby businesses to take preventative actions and secure data before the inevitable happens. If we don’t, data losses will carry on unabated. KPMG’s Data Loss Barometer predicts that 190 million people around the world will have fallen foul of data loss incidents by the close of 2009*. If you don’t want to be added to this statistic do your bit and speak up before it’s too late.