Pay Extra Attention To Security Clauses In Vendor Contracts

In conversation with Biztech2.com, Subhojit Roy, Head-IT, SBI Funds highlights some of the key best practices for data protection. He believes that an ideal data protection strategy is a combination of technical and human facets.

Data protection is critical to the financial services sector? How can the CIOs ensure proper data protection in the enterprise?

It is essential for CIOs to not only protect data but also maintain the integrity of data. In order to ensure that data is secured, a CIO needs to know who is accessing the data on a timely basis.

In addition to implementing suitable data security software, some non-technical regulations such as security bonds should be put in place. Security bonds essentially mean company rules and policies that outline security measures. The staff should also be educated on the ramifications of not following these policies.

What holds the key to an effective data protection strategy?

A good data protection strategy should be a combination of two important facets. First being the technical aspect of controlling and managing data access and the second is creating awareness among the staff about critical data, and who should have access to a particular set of data.

A CIO should also ensure proper security clauses in agreements or contracts signed while outsourcing work or dealing with vendors.

Critical data can also leak when people quit the company. What can be done in such a scenario?

At present in enterprises, people and technology are dependant upon each other. Every IT application and system needs a human support and there are times when critical information is shared with people either because they need it or they look after it.

Data security can go for a toss if any person accessing this data leaves the organisation and happens to misuse that data. The company should keep track of the employees who have access to critical data in the system. The HR department should also play its role and ensure employees are content with their job profiles and there is no room for de-motivation.

So, it is a joint effort from the management, HR and IT department. If all of them come together and work with tact and co-ordination, the company can keep its people happy and its data secure.

Is integrated life cycle management a good approach for enterprises?

Integrated data life cycle management is at a nascent stage in India. At present enterprises are practicing a silo approach for managing data, which is entirely different from integrated life cycle management. If enterprises start practicing integrated approach, it can strategise their data management approach and get a holistic view of the data system.