[BreachExchange] Steps To Keep Data Secure And Compliant

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 1 18:41:17 EDT 2016


http://www.cxotoday.com/story/steps-to-keep-data-secure-and-compliant/

It can be notoriously hard for organizations to govern all of their data.
Governments all over the world have started taking the job of protecting
consumers seriously, especially in industries like banking, healthcare and
telecom. Over the last few years, they have opened their eyes to the
pressing issue of data security and poor management of sensitive
information. In particular, organizations in India have witnessed stricter
data protection and privacy regulations, with high penalties for breaches,
due to an increase in the number of security breaches.

What does it mean for your organization?

Compliance audits and litigation are two events no company wants to face.
These regulations have led to a steady stream of confusing laws and rules
coming from all directions. Yet any realistic organization, in any
industry, understands that it needs to stay prepared. Otherwise, you risk
facing legal action, which could result in fines, penalties and loss of
trust.

You do not want your legal team walking into a proceeding where the other
side has documents you didn’t even know existed. Yet, cases just like that
occur every year at an enormous cost. There are several ways in which an
organization can ensure that its data is secure and refined enough to be
accessed easily when required:

Intelligent data indexing: Organizations tend to hold on to all data at
potentially high storage costs and with massive inefficiencies. When
required to place a legal hold on company information, it’s observed that
few enterprises have the fine-grained indexing and classification which
enables them to store only relevant data. Simply archiving data won’t
deliver the intelligence you need to transform your business. To truly
illuminate dark data, you need an archive with intelligence. An enterprise
must index structured and unstructured documents from a variety of sources
such as file systems, intranets, document management systems, e-mail and
databases. This makes it easier for users to search the data and find it
in time of need. It also helps enforce security by limiting access based
on the employee’s role.
Ultimately, it is the intelligence that will manage storage growth, capture
data comprehensively and provide users with simple self-service access, all
while managing it throughout its lifecycle for lower compliance and
litigation risk and cost.

Store only information that matters: The best way to do this is to be
proactive with comprehensive search and electronic discovery (eDiscovery)
capabilities. This will give your organization the confidence to know that
you will always find the information you need to satisfy internal search
requirements or respond to external eDiscovery requests. Many enterprises
are investing in effective, intelligent and easy-to-use software which
allows them to hold exactly the information required across any system,
device or data type — and store it in a single, accessible repository.

Regular assessments: Most legal challenges require the involvement of
external legal resources. However, hiring outside counsel can be
very expensive, especially if they need to sift through an entire data set
to find the relevant information. Instead, identify and narrow down your
data sets regularly so that you can hand over only the information your
external legal team needs with full assurance of accuracy, validity and
completeness.

It is far better to move to an environment that has data and information
management built-in, one where the various regulatory demands placed on an
organization can be dealt with by building a set of rules over the
platform, rather than building new platforms every time a new requirement
is identified.

On such a platform, information can be regarded as a single pool of
resources. This not only enables better compliance, but also creates an
environment where decision making is more rapid and more effective,
providing greater competitiveness in the market. Ascertain your
requirements and consider a framework which can address and sustain
technical aspects of your organization in the long run.