"Accessing Confidential Data Securely Is A Challenge"

Dr. Padmanav Moharana, Head NA & ISM, Reliance Communications, in conversation with Biztech2.0 articulates his take on securing the data residing within an enterprise’s IT infrastructure.

What are some of the business imperatives for having a robust security framework for data storage?

Data or information is an asset that enterprises drive business upon. Thus business value means value of the information or data contained in the organisation’s infrastructure. This information needs to be secured at the highest level as leaks in this critical information would cause the enterprise great losses by making their business strategy public.

Thus the imperative is that this data should be secured to the best of enterprises’ abilities.
Can you outline some of the critical issues/challenges concerning the security of storage?

Data residing in an organisation’s infrastructure is being created, stored and accessed everyday. The most critical aspect is access control. This data should only be accessed by people with proper authority and then stored back without any loss in data integrity.

Data storage is a concern especially when you look at the HIPAA guidelines that the healthcare vertical has to comply to. The data contained within these organisations is critical patient related confidential data.

Thus compliance with the various guidelines, depending on which industry the enterprise belongs to, is a rising concern amongst CIOs.

Providing access to critical data in the most confidential way possible is the real challenge.
Can you outline a solution that CIOs can employ to solve this problem?

The explosion of standards like SOX for the financial vertical, PCI-DSS for the payment industry and HIPAA for the healthcare industry plagues this space. Depending on the vertical the enterprise is focused on, a CIO has to adhere to one of these standards.

A CIO then has to start by laying out a policy, building a comprehensive framework, implement the compliance initiatives, resolve post implementation issues and ultimately conduct regular audits. If the CIO follows this lifecycle to achieve compliance, the enterprise can make headway into solving the storage security dilemma.

What in your experience are CIO priorities where storage security is concerned?

The priority when data is accessed, processed and stored is access control: authentication and authorisation. For archived data, which is the type of data most vulnerable to attack, security is a real concern that has to be addressed.

Data security refers to the confidentiality, integrity and availability of the data. Facilitating these three processes in terms of data storage is generally the CIO priorities in any enterprise.