With the prevalence of IT in the modern business world, information has truly become king, and without the reams of data generated on a daily basis organisations simply could not function.
In light of the ever growing volume of data, storage requirements are soaring and much of the information stored is being moved off the hard drives of individual machines and onto servers in order to accommodate demand.
However, while it solves the need for larger volumes, this centralisation of storage has also opened organisations up to a host of issues when it comes to ensuring information is secure, from viruses and spyware to unauthorised access to information, information leaks, and possibly most important of all, the need to adequately back up data.
From a software security perspective it is obviously required to have the right infrastructure in place to protect information, which requires building up layers of protection including anti-virus, anti-spam, anti-hacking and intrusion prevention.
On top of this it is also necessary to have software in place to control access to information, to inform organisations who is accessing what information and who has been authorised to access what. In terms of access control it is absolutely vital that this information be kept up to date in real time so that loopholes are not created when people leave the organisation and their access is not removed. Access to data needs to be strictly controlled, both physically and electronically, with the right permissions in place to ensure that unauthorised access does not occur and organisations can see what is happening to information at all times.
Portable problem
However, access control is made more complicated thanks to the increasing availability and prevalence of a variety of types of portable storage devices, which present huge risk as they are by nature highly portable and are therefore easy to conceal and easy to lose or steal. Some companies may try to restrict the type of memory device that can be used to access the network, however using memory sticks and other portable devices is becoming a standard way of doing business and transferring necessary information, so this is no longer a practical option.
Portable storage devices make having the right security infrastructure in place more important than ever, to protect organisations from all of the same risks that centralising information storage has always posed. Software to prevent the spread of viruses becomes vital, as these devices may be plugged into any number of machines and are therefore highly likely to have picked up a malicious tool at some stage, which needs to be prevented from spreading to the organisational network at the risk of causing serious business damage.
The right skills
At the end of the day protecting information is all about having the right tools in place to ensure access is strictly controlled, threats from malicious software are minimised, and data is backed up with a full data recovery strategy in place in case of disaster. Policies should be put into place around user access and reviewed regularly to ensure that they are kept up to date. It is also vital to ensure certain levels of education in order to understand the ever-changing nature of the threat, so that tools can be updated as necessary to maintain security and the right levels of access control.
Information security is a constantly changing field, and protecting information from the myriad threats in today's world requires an approach that enables organisations to adapt to these changes quickly, minimising risk and ensuring data is as secure as possible.
For more information contact Fred Mitchell, Drive Control Corporation, +27 (0)11 201 8927, [email protected]
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version