Features

Technologies aimed at bolstering enterprise data protection remain tough to manage, but companies can derive significant benefits if they utilize the tools with a pragmatic approach, said security industry experts.

A recurring theme among the consultants, technology makers, and customers gathered for the US InfoWorld Enterprise Data Protection Forum being held in New York was that the first step businesses looking to improve their information defences must take is to locate and evaluate all of their truly vital records.

If you think about the future, there is a need to be more transparent to gain customers and at the same time protect their information; there's a need to shift thinking and methodology

Phillip Dunkelberger - CEO, PGP

Beyond that assessment process, having the ability to centralize efforts to drive data protection tools and strategies across their entire organizations is a key to their success, the experts said.

From encryption technologies to DLP (data leakage prevention) systems, companies are faced with a range of alternatives for addressing their information management and security needs. Finding the right way to apply the various tools is one of the most crucial issues for most companies today in making headway with their data protection projects, industry watchers observed.

"Unified management is the key; if you look at how you manage this process, you must have a top-down view into operations," said Phillip Dunkelberger, chief executive at US-based encryption specialists PGP. "Most enterprises are trying to solve these problems with point solutions, but that's like playing whack-a-mole; you must look at this issue universally from protecting laptops to archiving and tape backup as well as in managing your custom applications."

As external threats continue to evolve and businesses are presented with new security concerns like smaller, more powerful removable storage drives, IT security teams must try to adopt technologies that will allow them to take a more centralized approach, compared to individual point products, Dunkelberger maintains.

The PGP executive unsurprisingly expressed his belief that the careful application of encryption technologies across an enterprise, among other tools, can provide just the type of top-down, metered approach he recommends.

Installing and supporting all the various pieces needed to improve data protection remains one of the most challenging tasks for enterprises to handle, he said.

"Operations teams have to make these systems work, and work cost effectively — they need to know who to report to if there is a breach and how to respond to it," said Dunkelberger.

"If you think about the future, there is a need to be more transparent to gain customers and at the same time protect their information; there's a need to shift thinking and methodology," said the CEO. "We can't do the same work over and over again. We need to take the opportunity to look at new technologies and sit down with our business partners to advance a plan."

Other experts speaking at the conference said that enterprises are finally realizing that they can no longer focus on perimeter defences alone to protect their sensitive information and that customers are getting a grip on the notion of defending data assets and intellectual capital versus merely attempting to better lock down their networks.

Gerrit Nel, global data security solutions and services development manager at IBM's Global Technology Services group, said that companies should focus on employing endpoint-based technologies that can handle DLP and other security policies.

"It's better to return to the approach of addressing things at the endpoint and then building protections back into the network," said Nel. "Companies need to start looking at the value of the entire data chain; there's a need to get rid of the user aspect of data governance and inform people what they can and cannot do. Endpoints can be multi-user and data can be saved on removable devices, and there's a need for solutions to protect and encrypt data there as a result of those factors."

While many enterprise customers already complain that they have too many endpoint-based technologies in place that create management complexity issues, companies should reconsider what they have installed and look to apply newer tools that offer the same type of centralized management espoused by PGP's Dunkelberger, Nel said.

Another emerging concern for managing data protection is the emergence of SOA strategies within many areas of enterprise IT, said the expert.

Having the ability to push governance policies across those systems will be one key to allowing for the benefits of SOA in the future without creating new security hazards, Nel said.

"Many of the solutions we see today are based on SOA-type architecture and exploit Web services, so we recommend that when looking at solutions companies ensure that they can integrate those applications with their existing business applications and feed their policies in," he said. "Look for vendors that can really help solve these problems and not just point solutions aimed at addressing one part of the process