Mike Howse
8 August 2008
Since modern businesses are data-centric, partnering with another business will almost always require you to share some sensitive data. And obviously you will want to ensure the data you share is properly protected, writes Mike Howse, EMEA managing director at Protegrity.
This is not just good business, it is the law – virtually all data protection and privacy regulations state that firms cannot share the risk of compliance, which means that if your partner fails to protect your company’s data, your company is at fault and is liable for any associated costs, penalties or legal actions that might arise from the exposure of that data.
Laws concerning data privacy and security vary, and what you are required to do to protect data in the UK can be very different from the rules that govern your outsourcing partner’s business. Nevertheless, your partner must abide by the data security rules of the countries your business operates in for you to be in compliance with government and industry regulations.
To lessen the chance of data being exposed, you must ensure that the company you are partnering with – offshore or at home – takes data security seriously and understands the regulations.
Find out how your partners approach data and network security and risk. Are their systems audited regularly, and by whom? What type of encryption software do they use to protect data? Is data encrypted at all stages of its lifecycle – at capture, in transit and at rest – as it should be?
Data encryption adds an essential layer of protection against intruders and helps ensure data is seen only by those who need it. Encryption is a necessity wherever users, even authorised ones, have access to transactions involving confidential information stored in a database or file system.
You will also want to know what role-based access controls, authorisation and authentication systems your partners use to ensure that data is seen only on a need-to-know basis. Many abuses (and accidents) occur because people have access to data they do not need to see – or do need to see, but should not be able to alter or copy. Permissions should enable a user to do exactly what they need to get their work done; no more, no less.
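The distinction the paragraph draws, between being allowed to see a record and being allowed to alter or copy it, is easy to lose in an access-control scheme that treats "access" as a single yes/no. The following is an added illustration, not code from the article or from Protegrity: a small deny-by-default role check in Python where view, alter and copy are separate permissions, plus an audit helper that reports any permission a user's roles grant beyond what their job actually needs. The roles, data classes and users are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum, auto


class Action(Enum):
    """Separate permissions: 'may view' does not imply 'may alter' or 'may copy'."""
    VIEW = auto()
    ALTER = auto()
    COPY = auto()


# Hypothetical roles at a partner's service desk (constructed for the example).
# Permissions are granted per data class and per action, so a role can be
# allowed to see a record without being able to change or export it.
ROLE_PERMISSIONS = {
    "support_agent": {"customer_contact": {Action.VIEW}},
    "billing_clerk": {
        "customer_contact": {Action.VIEW},
        "payment_card": {Action.VIEW, Action.ALTER},
    },
    "data_analyst": {"customer_contact": {Action.VIEW, Action.COPY}},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def is_permitted(user: User, data_class: str, action: Action) -> bool:
    """Deny by default; allow only if one of the user's roles grants exactly this action."""
    for role in user.roles:
        if action in ROLE_PERMISSIONS.get(role, {}).get(data_class, set()):
            return True
    return False


def audit_excess(user: User, needed: dict) -> dict:
    """Report permissions the user holds beyond what their job needs.

    `needed` maps data class -> set of actions the job requires. Anything the
    user's roles grant beyond that set is a least-privilege gap to review with
    the partner, exactly the "no more, no less" test the article describes.
    """
    excess = {}
    for role in user.roles:
        for data_class, actions in ROLE_PERMISSIONS.get(role, {}).items():
            extra = actions - needed.get(data_class, set())
            if extra:
                excess.setdefault(data_class, set()).update(extra)
    return excess


if __name__ == "__main__":
    clerk = User("bob", {"billing_clerk"})
    # A clerk whose job only requires viewing card records holds an ALTER right
    # they do not need; the audit surfaces it.
    print(audit_excess(clerk, {"customer_contact": {Action.VIEW},
                               "payment_card": {Action.VIEW}}))
```

Running `audit_excess` over every user with a description of what their role genuinely requires gives a concrete list to put in front of a partner, rather than a general question about whether their permissions are tight.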
Also ask partners what security solutions they use – how do they protect against the threat of malicious software, and do they have a threat detection system?
Automated, synchronised threat monitoring and response that correlates activity at the application level with activity at the database level provides highly effective protection against both external and internal attacks on networks and stored data.
Find out if your partner companies have security specialists within the organisation, and have your IT team speak with them to establish the partner’s security team’s competence and understanding of your security policies and the data protection regulations that affect your business.
Don’t worry about being seen as unpleasant or paranoid if you ask hard questions – anyone who takes offence isn’t likely to be someone you want to trust with your data.