In a recent article entitled “Securing Information for a Shared Services Infrastructure”, Richard Freeman from Ricoh Canada talked about the need to secure information as companies share it internally and externally. The focus of the article is how an organization must look at balancing the need to efficiently share information without compromising privacy, protection of intellectual property and other sensitive data, or financial and legal risk.
As is evident from all the news about data breaches and cyber threats, the challenge today is to thwart the bad guys from stealing your sensitive data. While many organizations still focus on protecting servers, networks and end-point devices, you have to secure and control the information itself. Since most of the data created today is unstructured content stored in documents, protecting the documents from inadvertent or malicious access should be the primary goal to ensure that authorized users can collaborate efficiently and securely.
The answer lies in the infrastructure design using two foundational layers – data and people.
Information can be protected at the data layer by securing and controlling it regardless of where it is stored, how it is transported or the way it is consumed. This data-centric approach emphasizes the security of the data itself rather than the security of networks, servers, or applications. Using a data security framework allows organizations to protect, control and track their data regardless of its location and assign policies and granular permission control to accommodate secure sharing in a dynamic business environment.
A data security policy should maintain a balance between security and productivity to allow different users to perform business operations on multiple devices without interruption. This is why security policies on data should be people-centric. The policy should be flexible and dynamically enforced based on rich context including content, user, device, time, and location. Even though a flexible policy is in place, organizations need to allow exceptions to minimize productivity issues. Data security policies are constantly challenged by the unpredictable nature of data usage in a business environment. The data security framework has to support dynamic changes that permit exceptions to allow people to do their jobs.
Properly applied, this framework allows secure collaboration in the office or while mobile, protects against insider threats and allows the flexibility to meet the requirements of a constantly changing business.
Photo credit WOCinTech Chat