Never Lose Trust: Protect Customer Data
The information age has its dark side: data theft and privacy breaches. The proactive approach to safeguarding customer information starts with encryption for mobile devices. Next, consider the extra security measures implemented at Sharp Healthcare and Zions' Bank.
Few things damage customer trust more than a breach of confidential information. Consider that in a survey of consumers, the Ponemon Institute found that 60 percent terminated or considered terminating business with companies that notified them that they had mishandled their private information. Data breaches also have a real impact on the bottom line: $182 for each lost customer record in direct costs, lost productivity, and lost customer opportunity, according to Ponemon.
Historically, businesses' approach to managing data security risks has been more reactive than proactive. "Most organizations have been plugging holes," says Rich Mogull, a research vice president at Gartner Research. But as the risks have escalated, attitudes and approaches have started to change. "Particularly with the new disclosure laws, there is real money involved," says Mounil Patel, vice president and research director at AberdeenGroup. "People are losing their jobs, and when CIOs are worried about losing their jobs, they are more proactive."
A proactive approach to data breach and customer privacy protection starts with encryption of mobile devices, but organizations are also turning to automated monitoring, data discovery and beefed-up authentication technologies to add an extra layer of security. Read on to learn what Sharp Healthcare and Zions' Bank are doing to put company executives and, more importantly, customers at ease.
The Problem of Portability
More than 90 percent of all breaches result from the loss of electronic information (versus about 9 percent for information in paper form), and the single biggest vulnerability is the loss of laptops and portable devices, including removable hard drives and thumb drives (see "Breach Source," at left). A security policy that includes rules on storing data on mobile media as well as physical, device-level security mechanisms is important. However, when device loss does occur, PGP (Pretty Good Privacy) public-key encryption remains the strongest defense against data loss. Equally important, it gives a company an exemption from disclosure laws.
"Just encrypt the freaking laptops!" says Mogull. "If you have sensitive data, it's a no-brainer."
The use of encryption is increasing (see "Use of Encryption by Data Type," at right). However, encryption is still complex, expensive to deploy and difficult to manage. Rather than practicing full-disk encryption, some organizations are adopting newer approaches in which a rights-management layer is added to the encryption process. As sensitive information is created or as it is accessed from core systems, it is automatically tagged as such, and only then is it encrypted and tracked.
"Where traditional approaches to encryption don't work well is where people have legitimate access to the data," says Patel of Aberdeen. "If users have to hit a button every time they create a spreadsheet, they will get irritated. We are still early in the adoption curve [of automated encryption] because it requires thinking to put together policies, but the trend [in usage] is definitely upward."