Increasing amounts of remote and mobile sources, different formats and value of information, coupled with the rising costs and financial penalties for failure, are increasing the challenge of protecting business critical information.
(PRWEB UK) 20 November 2012
The challenge of protecting business critical information has never been greater. This is due to the increasing amounts of remote and mobile sources, the different formats and value of information, and the rising costs and financial penalties for failure.
Most important of all, earning customers' trust by securely managing their private information is essential to keeping and growing market share in the modern economy.
Securing information capital throughout the document lifecycle preserves the trust customers place in a business to protect their personal and private information - and potentially grow the relationship. Comprehensive information governance also helps mitigate the cost and risk of non-compliance with growing business information regulations.
Here are five best practices that any business should employ to help realise the benefits of comprehensive information security governance:
1. Define information access based on user credentials - access to business information is best governed by role-based authentication of individuals or groups. Authentication can include passwords or ID cards validated against user directories such as Kerberos, LDAP, Microsoft Active Directory or Novell eDirectory Authentication. Permissions can be restricted at the document or folder level, by application, or at the device, by function, e.g. fax, copy, scan, print and colour or BW.
2. Extend security policies to the edges of the enterprise - a comprehensive security policy optimises and manages device security features and usage. Protecting the core of an infrastructure must be accompanied by adequate defences at the periphery, where business information is input and output and cannot be left unmanaged. Remote monitoring and reporting tools can assist in consistently managing diverse, distributed devices across the global enterprise.
3. Encrypting business data on devices - encrypting business data is a given, but there are points of vulnerability specific to devices where encryption is frequently overlooked or not consistently deployed. Some of these include: storage of user IDs, passwords, and address books; S/MIME protection for scan to email and PDF password encryption; encryption of all data stored on the device hard drive and NVRAM; and of course all network communications with the device, e.g. Secure Sockets Layer and network layer encryption.
4. Monitor security across the entire document lifecycle - a security policy protecting business critical information must cover its input, movement throughout the business, output, and storage (including secure scheduled destruction). Administrators need visibility into the document lifecycle and should be able to track and record all activities at each stage. An audit trail should include traceable information that contributes to compliance reporting and alerts you to potential information security threats.
5. Secure destruction of information on the device - scanned, copied, and printed documents remain in the non-volatile memory of input/output devices. Businesses need the ability to overwrite stored business information so that it is unrecoverable or irretrievable based on the need for compliance with various information privacy/security requirements and laws.
For more information take a look at Five Guidelines. One Direction for All CIOs