Data Security

Stephen Yagielowicz

Data security. It's one of the issues weighing heavily on my mind as of late. With the first anniversary of the September 11th attacks looming near, Americans will be bombarded by a seemingly endless string of prime time memorials, remembrances, and documentaries mourning the loss of so many victims, and indeed, the loss of what remained of our 'innocence.' I wonder though: how much mention will be made of what must have been an enormous — and expensive — loss of sensitive corporate data on that fateful day:

It is a subject that is easily overshadowed by the enormous toll of victims, and the grief of their survivors, but those unforeseen events, inflicted upon one of the world's most sensitive data centers, sent shockwaves running throughout the global economy, the repercussions of which could have been far more severe had so many of the company's involved not invested in off-site data storage and redundant network backups.

Preparing for the unexpected, with a goal of mitigating loss in the face of the unthinkable, should form the basic cornerstone of every organization's data security policy; because you will likely never know where, how, when, or why a catastrophic data loss, corruption, or alteration, might occur. One thing is for certain, however: such a loss can, and probably will occur. If this doesn't (or hasn't yet), then you should consider yourself to be extremely lucky; but is relying upon 'luck' the way you wish to run your business?

Beyond the Firewall
I read an article the other day about corporate data security, where the author likened many company's approach to that of a tasty cream-filled chocolate: what you see on the outside may be a 'hard shell,' but if you bite into it, what you will find inside is a soft, creamy center. This metaphor was used to describe the false sense of security that many organizations feel after installing their network's firewall; as if the only threat to their data came from the outside:

While it's comforting(?) to think that marauding teenage hackers, motivated by either curiosity or mischief, form the basis and extent of your threat, the truth is far more insidious: the greatest threat to your valuable information comes from within your own organization. Whether the result of carelessness, improper training, systems failure, corporate espionage, or the malicious work of disgruntled employees, the very real threats to your data's security are myriad.

Consider the importance of your most vital documents: business and marketing plans, financial reports and revenue projections, customer lists and strategic planning forecasts, password lists and user data — in short, everything that you use to run and profit from your business. Add to this the tremendous responsibility of maintaining and securing personal, personnel information (an often overlooked security problem in today's highly litigious society). Does your company collect or store user's credit card information, social security numbers or any other sensitive customer data? What about online banking and tax records? Is there anything 'irreplaceable' on your 'PC'? The list of digital treasures that must be safeguarded is nearly as endless as the threats that face them: This means that all the information that we assume magically went down some big black hole in CyberSpace is being electronically stored on hard drives and other media:

After the Delete Key
Now consider your "Recycle Bin." It sits there on your 'Desktop' holding all of those unused files that you no longer need, and that you wish would just disappear. All that unwanted SPAM, all of those viruses that came in as e-mail attachments, all of those 'rough drafts' from your latest project. All of your most sensitive personal and business documents and other confidential items that you wouldn't want your mother to see: All just one 'right-click' away from never being seen again: "Empty Recycle Bin" and all your worries and digital debris will spiral round the virtual toilet bowl, flushing out among vast wastelands of discarded data.

But what really happens with this 'discarded' data? It doesn't (in most cases) simply 'disappear;' the tracks on your hard drive that contain the deleted file's data are (usually) simply reassigned as now being available to store new data. If your computer is connected to a network (including the Internet), then your disk drives are more or less accessible by anyone else who is connected to the network — depending upon their level of authorization, skill or knowledge, and YOUR level of security, skill, and knowledge. Remember the candy?

This means that all the information that we assume magically went down some big black hole in CyberSpace is being electronically stored on hard drives and other media, potentially accessible by computer users from all over the world: many of whom do not have your best interests at heart. This is information that is routinely sifted and mined for both corporate and governmental intelligence information on an infinite variety of levels, but now I'm starting to 'talk out of school.' Suffice it to say that the very real threats to your data come from every direction, and it is your responsibility to safeguard it as best you can.

As for me, I'm backing up the important things, burning CDs and securely storing them off-site. I'm also learning more about security, 'how things work,' and trying to figure out why my WinXP box' disk drive keeps diddling around while my router/WAP and cable modem still wildly blink — when *I'm not* using them! Hmmmmm::
~ Stephen