The compliance payoffs for securing vulnerable information at rest

Most organizations, large and small, are affected by some type of law or regulation dealing with information privacy and security. As I've highlighted in a previous tip, some of the greatest security risks revolve around information at rest. When it's all said and done, virtually every information privacy and security law and regulation in the U.S., Canada, Europe and elsewhere requires in some way that sensitive information at rest (health information, financial information, financial reporting information, etc.) be protected in reasonable ways. It's really the most fundamental of all protection requirements.

Whether the threat comes in the form of malicious insiders, malware or hackers, businesses can't afford to not protect this information. There's simply too much too lose -- especially when it comes to some of the severe fines and jail time associated with noncompliance with recent regulations.

Various proven safeguards and countermeasures exist for the protection of information at rest, but you can't really implement and manage them effectively without some business justification. Ideally, business needs and risk management should drive the need for information security -- not solely regulatory compliance requirements. In fact, recent surveys show that regulatory compliance

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

Do you manage, evaluate, recommend, implement, support or purchase storage products, software or services?
YesNo

What is your average annual expenditure on storage including hardware, software and services?
Please select... $20 million + $10 to $19.9 million $5 to $9.9 million $1 to $4.9 million $500K to $999K $250K to $499K Less than $250K None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Determine need
Evaluate products/services
Recommend/Specify
Implement products/services
None

By joining SearchStorage.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Regardless, it's got to be done sooner or later. Here are some business-focused benefits of compliance you can use to sell security within your organization and show that value can be attained by ensuring the proper controls are in place for sensitive information at rest:

I'm a big advocate of keeping things simple and practical. Perfecting the security of your data at rest is not necessary at first and will likely prove elusive moving forward. I challenge you to spend your efforts and budget wisely on the latest 'compliant-ready' products and spend more on the security controls you already have at your disposal.

Focus on the areas that need the most attention (likely the corralling of stray information and improper file permissions) and then create a good plan, show that progress is being made and drill down over time. This will show that your organization is doing the right thing, keep employees on the up and up and help executives stay out of trouble. These are payoffs you can't refuse.

For more information:

Storage vulnerabilities you can't afford to miss

Rate this Tip To rate tips, you must be a member of SearchStorage.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Data storage management,   Data Storage Management,   Data storage compliance and archiving,   Data storage compliance,   Data Storage Basics,   Data storage management,   Secure data storage,   Data Protection,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Data storage management Choosing a storage system for data archiving Green storage best practices control costs, increase energy efficiency Best practices for using server virtualization in your storage environment Best practices for effective thin provisioning Three tips for ensuring a user-friendly email archiving system Top tips when evaluating a storage automation product Guidelines for implementing virtualization in your storage infrastructure The value of easy-to-use SAN storage Pros and cons of storage capacity management tools What are the differences between SATA II vs. SATA I? Data storage compliance and archiving Choosing a storage system for data archiving Mimosa Systems adds case management tool to NearPoint 4.0 data archiving software Mimosa NearPoint, LiveOffice Mail Archive offer hybrid SaaS email archiving approach HP resizes its ExDS9100 scale-out NAS system; finds market broader than original Web 2.0 target New data archiving products focus on software-only delivery, cloud integration Email archiving strategies: Five best practices Email archiving needs soar as e-discovery requests rise Storage Decisions Chicago 2009 Session Downloads Storage Decisions Session Downloads: Data Retention & Retrieval Track (Chicago 2009) Storage Decisions Session Downloads: Storage Systems & Storage Management Track (Chicago 2009) Data storage compliance and archiving Research Data storage compliance Are you ready for new compliance rules? Storage IQ: Compliance Data storage compliance's impact on storage product choices Understanding compliance: Beyond data protection Archiving unstructured data Choosing a compliance archiving tool RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary litigation hold  (SearchStorage.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.