A new model for global data security
Thursday 8 September 2011 - by Phil Gardner
Phil Gardner, co-founder and chief executive officer of security and risk management firm IANS, says financial firms need to take an alternative approach to data security and must accept that some information will be compromised.
The first half of this year witnessed an unprecedented number of data breaches. Some of the most well-known and respected multinational companies including Sony, Morgan Stanley, Citigroup and RSA, were among those attacked and breached.
We also saw incidents resulting in the loss of personal data from government agencies in Texas and Massachusetts in the United States.
Given this dangerous environment, what can be done to protect an organisation's most vital data? Can we defend ourselves from this new, smarter and more aggressive attacker? Fortunately the answer is yes, but it will require a new approach to data security.
For years the mindset of security executives has been that of guarding a fortress or protecting a bank vault. The information security ideal was to build as strong and as impenetrable a network as possible.
However, any outward-facing network can eventually be breached by a determined attacker with the right combination of skill, patience, motivation and resources. Information security professionals are now starting to understand that the model which has been in place for years is getting tired.
So how about a new model based on two simple concepts? First, accept that attackers will break into your network and, second, realise that your primary goal is to limit what data can be compromised and extracted. By adopting and implementing this model, security professionals can focus resources on protecting the data which is of greatest value and would cause the most harm if compromised.
A philosophy similar to this new approach is retail loss prevention. Retail organisations have known for years that preventing all theft is impossible.
They developed the concept of shrinkage, which acknowledges the inevitability of some loss while prioritising protection of the most valuable merchandise. It is only logical that securing a $5,000 watch is far more important than protecting a $3 pair of socks.
With some work, the retail loss prevention model can be adapted for information security. Just as retail organisations do, security professionals will need to decide which data is most critical and therefore deserves greater protection. Much like the expensive watch, an organisation's most valuable data must be identified and given stronger security measures to ensure its protection.