Developing Best Practices for Managing Your Company's Data
A few years ago, a USB stick was found in a British Government secure facility parking lot with a lot of data on it that was not intended for release. Although it was never publicized, the IT management people that were responsible for security were allegedly given an ultimatum: find a way to ensure that going forward, the data centers that run servers with sensitive data do not require direct human intervention or maintenance once they are up and running. To their credit, IT management reputedly did just that, averting potential future losses.
If you are someone who has a say in your corporate data management policy, the stakes in providing quality data management can be similar:
First things First - Determining Who Owns The Data
Before you design and implement a system that protects all your devices and people, regardless of where they are, it is a pretty good idea to review the device inventory that your firm has. Do you have a shared policy for smartphones or tablets where workers bring their own device in? Or do you allow workers to keep their own data on company devices so they can have a personalized piece of equipment? In either case, experts say that one of the strongest ideas may be to explain to workers that everything that their device contains will be protected under both corporate IP policy and corporate data management in order to protect them from loss to the company.
In this scenario, your corporate data management policy would allow management to be flexible enough to extend data backups to the entire device, yours or theirs.
Committing to a System that Provides Secure Coverage
Details are now emerging from the latest Home Depot data breach, which apparently impacted thousands of customers with regard to their credit cards. Although at one time, the system was designed to provide adequate end-to-end security, the security software that scanned the system for malware was allegedly not upgraded for the past three years. Of course the original version did receive similar updates for problem types of software, but the engine itself was not updated. Similarly, there was a blind spot when credit card information was sent from the stores to the central servers. It was sent in unencrypted fashion.
Which tends to make data management designers recognize that:
- There may come a time when budget limitations affect your ability to provide complete coverage.
- Fighting for the budget to provide complete end-to-end coverage of your data is likely worth it
By doing an up-front vulnerability analysis to any design that you create, you will not only create a transparent world for your data management policy to thrive in, you will also likely attract better security talent as they are typically excited about working in situations where the likelihood of them looking bad is not that great.
Remember the overall success of your design will often be dependent upon maintaining corporate commitment to the implementation.
Outsourcing is a Faster Way to World-Class
Ever since The City of Los Angeles turned data management of its own productivity applications for all workers to an outside company, companies and local governments have increased their reliance on outsourced data centers as a means of serving data.
Security costs and concerns are a very good explanation for this. Most data centers run by telecoms, providers, or security specialists focus on providing space and bandwidth in an environment that is normally much higher security than anything that you can hope to provide without a large budget. If it isn't absolutely essential for much of your data to be stored locally, the current notion is that it is safer at a partner's data center. The costs will be much lower than having your IT staff administer your own data store as well.
Remember the Quality Mantra: Time, Place, Objective
Customer and potential customer data requirements should drive your design process. If you are not a British Aerospace Design Center, you are not likely to need to provide some of the security frills that they regard as necessities. Just the same, even if your customers today do not require a specific level of security, if you plan to enter a new market or a new level of the same market you are in, you will be glad to have at least planned for an expansion of your data management handling capabilities in order to meet the needs of your potential clientele.
Image via Marketingfacts.nl
Small business and marketing specialist with years of experience in the industry. He has watched as the world of online business has grown and adapted to new technologies.