Farmington Hills, MI (PRWEB) September 27, 2011
Security is a top-of-mind concern for CIOs and data center managers. In environments where regulatory requirements play a role, it is critical to ensure that organizational data is safe and secure at every access point. Awareness isn’t enough, though. Organizations must be able to gauge their security preparedness. That’s why Logicalis, an international provider of integrated information and communications technology (ICT) solutions and services (http://www.us.logicalis.com), has developed a checklist of seven key things to look for in a secure IT environment.
“The cornerstone when securing an IT environment is to classify the data that runs through that environment,” explains Von Williams, director of information security, audits and compliance for Logicalis. “You have to know whether your data is private, confidential or public before you can assign security protocols and policies that will safeguard that data to the extent required for each level of classification.”
According to Logicalis, there are seven key ways to know if an IT environment is operating under a “best practices” approach to data security. Using this checklist as a guide is a good start, but Williams warns that IT security is not a static process and controls must be employed to continually assess and reassess the companywide policies and strategies that keep security in check.
Seven Ways to ID a Secure IT Environment
(1) An established security program: Any IT security program must have buy-in from upper management and include an established and communicated commitment from the top down, reaching employees, shareholders and customers alike that demonstrates that this is a company that takes security seriously.
(2) Classified data: To protect the confidentiality, integrity and availability (CIA) of the data in an IT environment, that data has to be classified as private, confidential or public. There will be more security controls around company financial data (confidential), for example, than around a memo about a company picnic (public).
(3) Defined security policies: Policies tell everyone in an organization exactly what to do to protect the CIA of that data. Confidential data may need to be encrypted, and the security policy will dictate exactly what kind of encryption protocol is required to protect something like the company’s sensitive financial data on a user’s laptop. Other examples of security policies include access control, backup, anti-virus, mobile computing and risk management policies to name just a few.
(4) Guidelines for “acceptable use”: It is important to define what is and what is not “acceptable use” of the tools the company provides to its employees; employees should be asked to read and sign the policy before being granted access to the equipment and the company’s network/data.
(5) Companywide awareness: It’s not enough to establish policies and define rules if no one in the company knows what those rules and policies dictate. Every employee should know where the security policies are stored (i.e., the company’s intranet) and how to access them. One way to accomplish this is to hold regular security awareness classes that reinforce the company’s policies. Post signs, send out weekly security email reminders and be sure all employees embrace the idea that “security is everyone’s responsibility.”
(6) Identified risks: A critical step in securing an IT environment is to identify all imaginable risk factors. Clearly, more time will be spent assessing the risk to confidential data than to public data. This is an exercise that cannot be taken lightly; without such an assessment, data remains at risk in ways that could easily have been defined and protected against.
(7) An incident response plan: What happens when there is a data breach? It’s not a question of “if” it will happen, but more one of “when.” How will the company respond? A clearly defined process lays out what constitutes a breach, how to identify it, and who to contact to report a data security breach. Once confirmed, IT must act to contain it as quickly as possible, minimizing the impact on the company. Afterwards, a “lessons learned” session will re-examine the process and create adjustments to avoid a similar circumstance in the future.
To learn more, watch “IT Happens Here – Security” – a short video from Logicalis: http://www.us.logicalis.com/knowledge-share/videos/it-happens-here-security.aspx .
Logicalis is an international provider of integrated information and communications technology (ICT) solutions and services founded on a superior breadth of knowledge and expertise in communications & collaboration; data center; and professional and managed services.
Logicalis Group employs approximately 2,500 people worldwide, including highly trained service specialists who design, specify, deploy and manage complex ICT infrastructures to meet the needs of over 5,000 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM and Microsoft.
The Logicalis Group has annualized revenues of over $1 billion, from operations in the UK, US, Germany, South America and Asia Pacific, and is fast establishing itself as one of the leading IT and Communications solution integrators, specializing in the areas of advanced technologies and services.
The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of approximately $5 billion.
For more information, visit http://www.us.logicalis.com.
Business and technology working as one
# # #