Extract from article by Dana Simberkoff
While we’re helping information workers access data quickly to perform tasks, they’re often not armed with the right information, technology or training to do so safely. This is a tremendous task for IT administrators and organizations at large, but also a tremendous opportunity for security and privacy professionals to help the organization collaborate, contribute and innovate in ways that are secure.
Essentially, ensuring information is available to those who should have access to it, but protected from those who shouldn’t, is key to maintaining a healthy dataset, even in controlled environments. And ensuring this boils down to making sure you have visibility.
Organizations must consider data across all information systems and gateways, whether unstructured or structured. Don’t focus only on “building walls” around the perimeter to keep people out and keep information in. The challenge with this approach is that as you build a 10-foot wall, your opponent brings an 11-foot ladder. By the time disaster strikes, you may not be able to adequately assess or understand your corporate risk.
Don’t fall into the illusion of security by obscurity. Instead, have a solid understanding of all the data you hold. At rest or in motion, data sits in complex database-driven systems and flows through file shares, websites, web applications, SharePoint sites, communication systems and social systems.
By thinking holistically about managing compliance and maintaining data visibility, the walls become less and less penetrable.