By Yoran Sirkis, CEO of Covertix
Quick. Just in your head – try to count all the places your corporate data may reside – network, cloud, corporate and private mobile devices, laptops, NAS, SAN, flash storage, USB drives, your employees’ home computers. Oh, and let’s not forget that your suppliers, lawyers, consultants, and clients all have multiple networks, too (plus their lawyers, consultants – it goes on and on).
Simply based on your data volume and its potential location (and don’t forget that you’ve got multiple versions out there), you really need to get a handle on finding it. If you don’t know where it is, you cannot protect it.
Most forensics tools include a document discovery feature, which will help you find your digital assets. Business is fluid, and the information that’s in the network today may be on the cloud tomorrow, or shared with third-parties for insurance processing, bill printing, or legal review.
Not only do you need to identify your files, but you also need to analyze the information according to context and location. Your protection needs to follow the data wherever it goes.
Tracking your data can also give you a better handle on what your spending to keep where. While the prices of flash storage have plummeted significantly, it is still a more expensive option. What if last year’s designs are still in the flash system, and this year’s designs are being stored within the traditional NAS infrastructure. Not only doesn’t this make sense on a time to access level, reducing productivity, but last year’s files don’t need the same level of protection that the new designs require.
Of course, being able to find your data gives you the ability to protect it when it goes AWOL. Healthcare organizations, government agencies, financial institutions, and most major organizations are attacked at least a few thousand times a day, if not per hour.
If your data is suddenly on an unknown network, accessed at the wrong hour, and/or opened by an unauthorized person, it needs to have full protection in place, ensuring that the data encryption prevents access to “real” information.
Your system should work the same way with authorized people. You are supposed to only be able to access personnel information from the network between 8 a.m. – 8 p.m. You didn’t finish what you needed to do, though, and sent the file home – you’re an authorized person but you sent the data somewhere it shouldn’t be and tried to open it during non-designated hours. If your data protection system is up to snuff, you won’t be able to open that file.
Don’t confuse data security with network security. Mobile devices, firewalls, and applications all do need significant protection. But if you aren’t protecting your data, too, when something fails, all can truly be lost.
Yoran Sirkis is CEO of Covertix. Covertix offers SmartCipher, which lets you find, know, classify and protect sensitive information as it travels, fortifying information access control in real time with complete confidence. www.covertix.com