"The proliferation of news stories about data breaches has been astounding," said Chand Vyas, chairman and chief executive at Mobile Armor.
"On one hand, it is tragic that the real costs are often outweighed by the heavy toll on an organisation's credibility.
"On the other hand, it is ironic that these debacles could have been avoided at a fraction of the expense and effort with just a little diligence beforehand. "
The resolutions are designed as a guide for chief executives, chief operating officers, chief information officers and chief security officers to help make data secure.
Mobile Armor's Top 10 New Year's Resolutions:
1. Make sure the enterprise security approach is data-centric, not device-centric. Security solutions should be designed to protect data, no matter what kind of device contains the data.
2. Companies should invest in a central management console for all computing and communications devices instead of juggling multiple management screens. For companies with hundreds or thousands of employees in multiple locations, no central management means a security perimeter full of holes. Multiple point solutions, each with their own console, increase the odds of errors or failure.
3. Ensure that security applications provide 32-bit, whole-disk data encryption and pre-boot authentication. Security applications should offer the option of encrypting every file on every sector of the hard drive, including deleted files, temporary files and other data at rest.
4. Despite best intentions, devices get lost or stolen. Make sure that administrators are able to do a remote data wipe or lock the device from a remote location. Proper encryption of a mobile device will help protect the data in the event of loss or theft, but the ability to wipe the data clean or lock the device from a central location gives added peace of mind that data is unavailable to anyone but the authorised user.
5. Make sure that removable media and USB devices can be secured. USB devices, such as iPods, Flash drives and thumb drives, along with removable media such as CDs, DVDs and external hard drives, have introduced a whole new front in the war for corporate security. Security solutions should give three options: block the USB ports; encrypt a file/folder, or encrypt the whole USB device.
6. Make sure that security solutions are transparent yet visible so that users do not bypass it. Transparency does not require users to do anything beyond logging in, so they do not interfere with everyday tasks or impede productivity. Visibility gives users confidence that their data is protected and serves as a deterrent to would-be hackers.
7. Ensure that mobile devices stay in touch and stay in compliance. The security application should ensure that mobile devices such as smartphones, PDAs and laptops stay regularly connected to the network so they can download the latest security policies.
8. Make sure that security applications provide the logging and reporting needed to comply with data security regulations. To comply with state and federal data security regulations, security applications must log everything that happens within the security environment.
9. Move away from point solutions towards an integrated, comprehensive solution that offers encryption for wired and mobile devices, antivirus, firewall and VPN security. Security threats can come from many different sources. Most enterprise security solutions on the market today are still a single-point solution. The problem is that a collection of even world class point solutions does not allow organisations to create one set of encryption and authentication policies and apply them simultaneously to a wide variety of wired and wireless devices.
10. Future proof the organisation's security. The data lies in an enterprise environment that is constantly changing. For example, who worried about the vulnerability of USB devices three years ago? No matter what kind of devices might become popular in the future, a security solution should be flexible enough to encrypt and protect the data inside those devices.
New Year resolutions for security managers
By Clement James on Jan 15, 2008 7:28AM