Monday, May 15, 2006

Information Security in the Internet Age

Utility Computing Helps Secure Your Data

The Internet and computer networking has introduced a wide variety of opportunities and capabilities for businesses and individuals around the world. Removing geographic boundaries and mitigating the effects of time and distance are benefits that the “connected” lifestyle affords. More than ever, businesses outfit their personnel with the mobile tools of the trade: laptops, cell phones, PDA’s - helping to keep their workforce productive at all times whether online or off. However, with increased mobility and access comes increased danger of loss or exposure of sensitive information.

Many business owners believe that the threat comes exclusively from outside the company, in the form of computer hackers performing illicit activities for no good purpose. The increasing danger of illegitimate software, virus’ and scams, and network intrusion is definitely something to protect against, and is well worth an investment in technology and process to do so. But the problem does not always come from outside the company and, in fact, may be the result of “normal” business operations or processes.

There has always been a fine line between securing business information and providing access to that information for the workers who require it. In order to achieve maximum productivity, workers are encouraged to be able to operate whether “wired-in” to the business or not. This means that mobile workers are often expected to perform required tasks from a variety of locations and frequently without direct access to information stored at the business location. The result often means the duplication and/or distribution of data – copying information to a mobile device so that it may be used while off line or traveling. It is unfortunate that in recent years there has been a significant increase in reported incidents where mobile computers, such as laptops, have been lost or stolen, possibly exposing a great deal of personal and proprietary information.

A business has a requirement to not only protect its valuable company data, but there is information embedded in those systems that impacts individuals, as well. Employee social security numbers and other personal and employment information, customers, vendors, bank information – all represents information that can extend beyond the direct reach or impact of the business immediately involved. When such an event occurs, providing notice or communication to potentially effected individuals becomes very, very complicated.

The watershed event with respect to such disclosure was the announcement made on February 15, 2005 by ChoicePoint. Choicepoint is “one of the largest data aggregators and resellers in the country. It compiles, stores, and sells information about virtually every U.S. adult – to the tune of 19 billion records. Its customers include employers, debt collectors, loan officers, media organizations, law offices, law enforcement, among others…”.

Instances of data breaches continue to top the headlines, with additional examples reading “Ernst & Young has lost another laptop containing the social security numbers and other personal information of its clients' employees. This time, the incident puts thousands of IBM workers at risk” and “Santa Clara antivirus software maker McAfee warned 9,000 current and former employees in a letter dated Feb. 17 that a compact disc containing their names and Social Security numbers was lost. An employee at McAfee's auditor, Deloitte & Touche LLC, left the unlabeled, unencrypted CD in the seat-back pocket of an airplane, along with some music discs, on Dec. 15, said spokeswoman Siobhan MacDermott. Deloitte confirmed the loss.”

With increased awareness of the need for information security and confidentiality, and complicated by the need to provide flexible access to business data, companies are faced with an entirely new set of technology challenges.

The utility computing model can help meet the challenge of providing access to system data and applications, while keeping the entire network secure and under control. By managing the data and the applications in a centralized, secure network environment, only those who need access are afforded it. By keeping all the data and the applications with a secure ASP, the requirement to distribute data to individual machines or devices is significantly reduced, if not virtually eliminated. Users who require access to information need only connect to the ASP via the Internet. From anywhere and at any time, users may access the centrally-stored and managed applications and data they require to perform their tasks and continue to produce for the business. No more copying data to disc, no more leaving data on laptops or PDAs. The secure, online working model represents the answer to many of these security issues and at the same time satisfies the business requirement for mobility in the workforce.

No comments: