Data Security Hinges On How Employees Manage Data

What is the biggest concern for CISOs when it comes to data privacy and security?

CISOs have to constantly work towards ensuring a ‘secured state’ in an organisation. Data privacy and security is a wide term and there are multiple challenges that security personnel have to face. I believe the biggest concern is constantly making sure that data is always available to the authorised personnel and yet, denied to the rest of them.

Can you share best practices that CISOs should follow to ensure data security?

According to me, people play a very important role and the extent of data security in an organisation hinges on how they manage data. So creating adequate awareness amongst the employees is the key. This should be supplemented with proper processes and technology. I strongly believe that just having technologies in place is not enough. Employees should be trained and awareness must be created about the perils of not following security policies. Otherwise it just negates the entire exercise.

What are some of the new age data threats that enterprises need to beware of? How can enterprises safeguard their data against these threats? What are the different technologies that are available in the market for them today?

There are several ways by which data can be shared, deleted, stolen or lost. With the advent of new computing devices, confidential and sensitive data exists almost everywhere. While there are several technologies available in the market, encryption, tracking, remote wipe, etc., in addition to a suitable DLP solution, would minimise the risk to a great extent.

Enterprises are increasingly going social. What challenges does it throw up in terms of managing privacy and security of data? How can this challenge be addressed?

With the emerging social networking culture, it is a great challenge to ensure that there is no leakage of sensitive and confidential information. It has been observed that most data leakages happen inadvertently, due to negligence or lack of awareness. So investing in awareness training sessions and campaigns on a regular basis is the key.

With data explosion in enterprises, do you think an incomplete understanding of where, and what types of sensitive data exists across the enterprise is increasingly becoming a key issue for the CIOs?

Despite data explosion and a proliferation of devices owing to BYOD policies, CIOs do have a fair idea of where the data lies. However, it is a challenging task to keep an accurate track of data in motion. For example, I will send out an email to a legitimate person. I know the impact of sending that information to him. However, I have no control over whom he forward that email to. I cannot track that.

This is where Rights Management Software (RMS) can help. It can control flow of data and ensure that data is not printed, copied or forwarded. This is something we have implemented and it has helped us in our endeavour to secure data.