IT’s Priorities on Data Privacy Day

IT Risk Is Not About IT – It’s About the Business

Each January 28, Data Privacy Day is observed, with business owners and managers, vendors and concerned citizens taking time to raise their awareness of the most up-to-date approaches to keeping their companies’ and their own data safe. It’s an education effort that feels especially urgent this year, given the public’s focus on how their data is handled by the companies and vendors they have dealings with, not to mention the government and their own employers.

Today, with all of that being the case, I spoke with Jay Livens, director of product and solutions marketing for Iron Mountain, about the current state of data protection and IT’s priorities for the coming year. Iron Mountain recently conducted a survey of IT professionals that found that “with 68 percent probability, … data loss and privacy breaches are the most prevalent concern for IT leaders over the next 12-18 months.”

A major factor behind this level of concern about data and privacy risks is that “the common thread we see all over is data growth,” said Livens. “IDC’s most recent data indicated 38 percent to 40 percent data growth, or a doubling every two years, but backup infrastructure is not growing at the same place.”

That growth in the volume of core data, plus retention schedules of seven years or more for some data, explained Livens, is compounding the risk, and the challenge of simply storing the data satisfactorily and in line with compliance requirements, year after year. When the budget isn’t growing, IT must still answer the question of how to store data securely and prevent unauthorized data disclosures. One way enterprises are approaching this aspect of the challenge is with a hybrid strategy that combines disk, tape and perhaps cloud storage. With the exponential growth of data volumes, said Livens, new use cases for this type of hybrid storage solution are arising regularly.

On the data security side, Livens provided a list of 10 key strategies for IT professionals charged with data protection and privacy measures for 2014. The strategies should be taken as a whole: “We have to take a holistic view of the enterprise. We can’t shine a spotlight on one area, such as securing mobile devices and usage, or we risk losing sight of what else is happening across the enterprise. We must be sure we’ve got a complete view of how to protect information,” Livens advised.

1. Encryption is key. Make sure all of your data is encrypted – whether it’s information you keep in digital storage, tape, or on your employees’ mobile devices. Wherever there is sensitive information, there should also be encryption.
2. Manage mobile devices. The ever-mobile employee of today can have a lot of sensitive information on their phones and tablets. Make sure you have a mobile device management solution or policy in place to protect those devices, whether corporate or employee-owned.
3. Out with the old.  Ensure that comprehensive corporate policy accounts for the secure destruction of old and sensitive company, employee and customer information.
4. Store smart. You should always know how your information is secured – whether it’s in the cloud, in a data center or housed locally. 
5. Plan ahead. Make sure you have an end-of-life plan in place for assets you no longer need or that will be destroyed. People tend to hold on to information for longer than they need. Make sure you dispose of IT assets in a safe and consistent manner to protect from a potential data breach.
6. Password protect. Use complex passwords, change them frequently and use two-factor authentication whenever possible.
7. Virus protection. It seems like a no-brainer, but keeping up-to-date with virus protection is a great way to keep data safe.
8. Don’t forget firewalls. Firewalls and intrusion detection are also a key piece of the data privacy puzzle.
9. Privacy is the best policy. Create an enterprise-wide policy to protect private information from unauthorized access or inadvertent disclosure.
10. Education nation. Properly train your employees to treat information appropriately, and make sure everyone is up to speed on the latest policies and procedures.