Data Protection

Data Protection is rapidly becoming the most important issue for all organisations. This isn't just protecting the data in the event of a system failure but also protecting the data from getting into the wrong hands.

With data being moved onto systems that store multiple copies of the data with real-time mirroring between multiple sites and a history of all data being stored, system failures are becoming less of an issue.

The main issue is any data getting into the wrong hands and then who owns the data.

The physical transport of data is rapidly being phased out to protect against USB sticks or hard drives being lost or a laptop being stolen.

Everything is moving to cloud based and contained within the organisation to make sure that both parties are protected. These cloud based systems can be on closed data networks meaning their is no external access, on the Internet, to the data.

There is no right or wrong with data protection as this depends upon the organisation and what type of data.

Here are a few examples of data breaches:

E-mail:

- An organisation uses e-mail for sending confidential data between users. Unless this is a closed system, this is one of the lease secure methods of communication because the e-mails pass through multiple hands to reach their destination and can be intercepted at any stage.

- An organisation uses e-mail for communication. For convenience some of the recipients have the e-mails being forwarded to their personal e-mails. This is a problem for many reasons including the fact that as soon as the e-mail leaves the organisation's system it is no longer the property of the organisation, it becomes the property of the mailbox owner. If the personal mailbox is a shared ("Family") mailbox then unintended recipients will view the e-mails. If someone leaves an organisation but has been communicating with a client from their own mailbox they may continue communicating with the other party without them knowing that the person is no longer working for the organisation.

Files

- A lot of people use web servers for sharing data. This is fine but web servers are designed for public access and therefore sharing confidential data in this method is not the most secure. The solution to this is Cloud Storage which is secure and encrypted to make sure that only the intended people have access to the data.

- Depending upon the organisation's security policy, it may be that the data is such that it must never leave the organisation's premises. In this instance setting up on-site cloud servers is the solution because people can work on their files from remote, without carrying data around with them that could be lost, yet it never leaves the organisation's premises. An example of this may be a school which has data relating to children that must never leave the school premises.