When 'Secure Enough' Isn't Enough - Defining the Difference Between Compliance and Protection

Feb 11, 2013

We've all seen the reports about what goes wrong when proper controls are not implemented while storing and transferring data. Large enterprises face messy notifications, customer dissatisfaction and, in many cases, large fines. In fact, a data breach in the U.S. comes with an average price tag of $5.5 million, according to a 2011 Ponemon Institute study.

This paper from Imation Mobile Security explains when compliance alone may not offer the protection enterprises need to prevent data breaches that can cost millions of dollars, inflict untold damage to corporate brands and customer relationships, and invite weeks or months of negative publicity. The paper pays special attention to the difference between FIPS 140-2 Level 2, a standard of protection that meets the vast majority of compliance requirements, and FIPS 140-2 Level 3, a significantly higher level of protection designed to put sensitive data beyond the reach of a much larger population of hackers and thieves.

Sometimes, secure enough for compliance just isn't secure enough to protect valuable assets like corporate or customer data. Once your organization assesses the real cost of data loss to your business and your future, you may well realize that compliance alone is no longer your primary concern. And if the price of data loss is significant - in dollars, intellectual property, or reputation - the added investment of a stronger USB storage device easily makes sense.