/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsThe moment we hear the words data security, a lot of jargon comes to mind, such as digital certificates, encryption, PKI, SSL, IPSec, etc. Most of these technologies have now been in existence for many years, and you would have read about their uses and how they work in a lot of stories. Their benefits are also fairly well known and much talked about. But one thing that kind of gets hidden amongst all the hype is the actual data that they're protecting and its relevance for the organization. At the end of the day, it's this data that's important and not the technology. Moreover, this data varies across different types of organizations, so the way it should be protected also varies. Unless you can identify and classify this data in the order of relevance for your organization, no security technology will be able to do anything. So when thinking of data security, break free from all the jargon and think about what's really needed. All data is not equally important, so classify the data in the order of criticality. What would be the business loss if this data were to (God forbid!) get stolen? You might get a few surprises.
/pcq/media/post_attachments/3e59900cea6e9c95e0def31cff558ace4c68d32b592485235c438113b0deb188.jpg)
That's why this time, instead of talking about the technologies available for data security, we've taken a different approach.
We've approached the CIOs and key IT people across various industry verticals and asked their views on data security with respect to their industry. We asked how important was data security to their company and the industry they represented in general. We also asked what was the biggest challenge they faced as far as data security was concerned, followed by the technologies and techniques they employed to overcome it. Like we said, all technologies are immaterial if you don't know what data to protect, so we asked them about the area of work in their organization where data security was extremely critical, and of course, whether they had classified their data security in any way. Classifying data and using technology to secure it is not sufficient if your own employees don't cooperate. What do you do if a disgruntled employee decides to misuse your important data? Handling internal threats therefore is equally important, and therefore we asked this question as well, and what policies did the companies adopt for data security. Also, what action did the companies take in case there was a breach of security. We also asked what direction was their company taking in securing their data in the future and whether anything specific was happening in their industry towards data security. Lastly, we asked whether there were any known standard for data security in their industry and how were they following those.
The results of our questions are presented in the pages to follow.
By Anil Chopra, Rinku Tyagi. Sujay V Sarma