The data security life cycle

Every day sees another headline that illustrates how data protection has been ignored resulting in vital government or corporate data that has been exposed or lost. Yet it is common knowledge that government agencies and private enterprises have a vested interest, and a legal obligation to effectively protect data. Companies must understand, and account, for any data security mishaps. Merely adopting a security policy alone, according to Dr. Peter Mitteregger, vice president of Europe & EMEA at data security consultancy Credant Technologies, will only provide a false sense of data protection and potentially lead to the cost, embarrassment and humiliation of notifying customers, shareholders and competitors when data does go missing. Dr Mittregger says it is wrong to think of data security as a static problem. A better way to view data security is as a lifecycle, which can be broken down into four phases of data protection: detecting the devices where data is stored; enforcing the encryption of sensitive data; putting in place an auditing and reporting system which proves that protection was in place in the event of a theft; and finally, providing a support system which helps users retrieve passwords and data from discarded media