I recently had the opportunity to author an article for CMSWire discussing the importance of understanding what data an organization holds in order to properly protect it.
Security isn’t a standalone concept — it also involves mitigating risk at some cost. And in the absence of metrics, people tend to focus on familiar or recent risks. Which means we end up acting reactively rather than proactively.
Rather than waiting for risk to arise, understand how data, people and location (both system location and geographic location) create patterns — both good and bad — across your organization. The center — or pivot point — of that strategy should be around the data that you hold.
So let’s contemplate the life of data within your organization. Whether data is created within your organization or collected from a third party (customer, vendor or partner), the only way you can effectively protect it is by understanding it. What is the data? Does it contain customer information, employee information, intellectual property, sensitive communications, personally identifiable information (PII), protected health information (PHI) or financial data? The list can become quite extensive.
All companies create and hold sensitive data, and there’s not anything inherently wrong with that. But once you know what the data is, where it is, who can access it and who has accessed it, can you make decisions about where it should reside? You probably don’t need to put the same security protocols around pictures from your company picnic as you do for your customers’ credit card information. Understanding your data is crucial when determining how it needs to be protected.
To read more about protecting your sensitive data, please visit CMSWire.
To learn how AvePoint can help organizations mitigates privacy, information security, and compliance risks across information gateways, please visit our website.