Governance And Compliance Should Be Built Into The IT Architecture

Vaibhav Patkar, CSO, Zenta, in conversation with Biztech2.com, gives a holistic view of the techniques of data security and also suggests that companies should opt for integrated Data Lifecycle Management.

What is the key to an effective data security strategy?

Any IT strategy depends on the business. Let’s take an example of the software providers. The whole software market has shifted from CDs to virtual platforms; anyone can download software from the internet. In such a scenario the software provider should regulate a policy that after five downloads, the next download should be charged or it should just restrict that download.

Hence, the data security strategy should align with the business requirements and the security policy also drafted keeping the business need in mind.

What best practices would you suggest for data protection?

The first and foremost step is to make employees in the organisation aware of the sensitive data. Secondly, there should be governance and compliance built into the IT architecture. With governance initiatives in place, the company can issue a security policy, which authorises access to the data, who should handle it and how it should be done. With compliance on the other hand, the regulation of the policy can be taken care of.

Apart from this, one can also use DRM (Digital Rights Management) in the enterprise. This technique allows automatic deletion of certain amount of data after a given time and date. CIOs can rest assured with a strategic governance and compliance plan, and effective DRM in place.

What about Data Lifecycle Management (DLM)?

For some businesses the data requirements are for a lifetime, like in the telecom industry
where business is completely dependent on data. Added to this, the stringent government regulatory requirements around data. This requires the telcos to adopt an integrated data lifecycle framework. In an unfortunate situation where the company fails to secure the data or even worse fails to provide the data at all, and the government asks for the records, the company can get penalised. Hence, DLM is a necessity. Other verticals like healthcare and insurance are also taking this up.

Besides DLM, what are the other data security measures?

Apart from DLM, many companies are securing their data by archiving and storing it on another premise. Many companies are also storing their data on physical discs and keeping them in a different location. If in case the virtual servers are down they can recover their data from the physical device. At present, most of the companies have started storing data on both virtual servers and physical devices, though mostly data which is highly critical and relevant to the business. I think it’s a good practice and it causes no harm to the enterprise.