How we protect our businesses most valuable asset, our data is a tough question and based on the chats I have with our clients CIO’s, it’s not one that’s going away anytime soon, in fact it remains near the very top of the modern CIO’s list of problems.
Where on earth do we even begin?
What becomes clearer the more conversations we have is actually the place NOT to start is with the CIO and IT… What’s that I hear you say, what you with your technical background and technical blogging!!!?
You hear me right, the data protection jigsaw puzzle doesn’t start at IT, because if it does you will probably never get the resolution your business needs… and let’s face it the security of your data, is no different to the security of any other part of your business and none of that security starts at IT does it?
Let me share a story;
One of my colleagues visited a university recently where they were discussing cyber-security, my colleague threw the assembled group of academics somewhat when he said “you are all responsible for your data security, not just your IT guys”
The conversation then went something like this
“well I’m not responsible for security – why would I be?”
“OK, so if you’re not responsible for security, if you left this meeting now and saw one of the students kicking lumps out of one of the bushes would you stop them?”
“If you saw someone walking out the door with a university laptop, would you stop them?”
“Well yes of course” said our academic colleague
“Well then you do take responsibility for University security then… and data security is no different”
Which of course is true, it’s important that in any organisation we are all aware of the security risk and that we take responsibility.
But it’s not only that, it’s also crucial that at the very top of an organisation we also understand the data security risk.
Now without sounding too much like Jackanory (apologies for the younger readers…ask your parents!) let me share another story with you…
One of our customers had been working on an “insider threat” project with us, looking at how to govern access to key data areas (this business has a lot of sensitive intellectual property) and we looked at a number of areas around governance and control. All worked well, we found some appropriate technical solutions to help them achieve what they wanted, however at the very top of the business they didn’t “see the value” of all that…Project stalled…
Strangely a couple of months later we receive and email from the IT director saying how the company chairman has suddenly started asking questions about how they secure their data and has decided what they currently do is not really good enough – suddenly “insider threat” and Governance are right back high on the agenda. It goes to show that a business leaders really need to understand the data risk and take responsibility for it..
What do these two stories show us? In my opinion, they sum up two critical areas in solving your data protection puzzle “buy in” and “responsibility” without those two things, you are really going to struggle to nail down your critical data in the way you probably want and need to.
Without these things then all the technology in the world is probably not going to fully resolve a business data security challenges.
Now of course I’m a techie and technology is going to play a huge part in security and protecting your critical data, but probably not one technology is the answer, it’s lots of things.
But before you go there, it starts with understanding the challenge (Blogged here about that a while back) ensuring that your have leadership “buy in” and that we encourage responsibility across our business, with those things in place, we have more of a fighting chance of getting to the end of our Jigsaw with a lovely picture, rather than that most annoying of things a puzzle with a missing piece!
For those interested in finding out more, stay tuned for details of some events we are running in North West England over the next few months, where we are bringing together key industry security players to discuss the challenges and present some potential solutions, let me know if you’d like an invite and I’ll ensure you’re on the list.