Organisations are starting to realise the importance of data protection, but possible routes of data loss have become complicated and numerous, making countermeasures difficult to develop.
According to John du Plessis, the EMEA sales engineer at information security company Trustwave, organisations should make sure they identify data security and compliance status as well as areas for improvement.
He says they should take note of where their sensitive data is, and be sure only the right people can access it. “They should also know where sensitive data could be leaking from the organisation.”
According to Du Plessis, organisations should come up with strategies to secure data without hurting business productivity, and ensure it is compliant with regulations.
The strengths and weaknesses of the current state of data can be determined through the people, processes, and technology in the organisation, he says.
After all this is done it will be much easier to guide, establish and maintain an environment that protects sensitive data and leverage technology to ensure consistency, cost effectiveness, and comprehensive coverage, adds Du Plessis.
Data theft has become a big business for attackers, he says, and the best strategy for protecting customers' data is to help them implement a technology-based, in-depth defence programme.
Organisations should invest in technologies that support enterprise data protection like Web application firewalls, network access control, data loss prevention, and encryption solutions, he advises.
“These assure monitoring of data in motion for visibility into information risk and give policy-based defence against data loss over corporate e-mail messages and attachments.
“They also give policy-based defence against data loss over HTTP; analyse and block Web-borne content despite use of anonymous proxies and SSL,” he adds.
In addition, these methods provide application-level security and compliance and real-time protection from a 'zero day' attack. “Web application firewalls give more robust security and low false positives as well as visibility into application health.”
Du Plessis advises decision-makers in organisations to look to vendors with deep expertise in content scanning and select a best-of-breed security solution.
Share