April 08, 2014 00:00 By Praveen Thakur 9,997 Viewed
Technology can be thought of as a double-edged sword - when harnessed well, it brings with it the capabilities to transform businesses and the way they are run, helping them become powerful industry players.
However, along with it are various security risks that were previously less critical, yet increasing now as access to data expands in today’s market.
Rising security threats, expanding compliance requirements, consolidation, and cloud computing are just a few of the reasons that data security has become critical.
Take, for example, bring-your-own-device initiatives, which have led to the prevalence of smart phones, tablets and other mobile devices in the workplace, modifying the traditional office environment and creating new security risks.
It is also increasingly common for businesses to engage in continuous organisational changes such as outsourcing, offshoring and corporate mergers, all of which further expose the firms to new avenues of attack.
Acknowledging the potentially devastating impacts of such attacks, these risks highlight why centralised and efficient protection of sensitive data is more important now than ever. The market agrees, with organisations rushing to adopt security initiatives.
In view of increasingly sophisticated attacks and the ease at which data leakages can occur today, there is a need to shift from existing security measures in pursuit of a cohesive, in-depth and multi-layered approach.
Only by encompassing preventive, detective, and administrative controls into an integrated security solution will organisations be able to consistently protect sensitive data at the source, and guard against potential attacks.
There are two key sources of data exposure – storage and through applications. In order to rectify this, effective measures have to be made in key foundational areas. This can take the form of preventive controls such as data encryption and the redaction of sensitive data.
Data encryption comes into play by protecting against bypass attacks, denying unauthenticated users access to sensitive information. By preventing attackers from circumventing the database, security systems are better protected against malicious attacks.
Reliance on applications can also lead to increased likelihood of data exposure, thus compromising on the safety of security networks. This problem is further exacerbated by the embrace of smart-phone and tablet devices, which makes the issue of sensitive data exposure even more urgent as data access beyond the traditional office environment becomes commonplace.
Take, for example, a call-centre application with a screen that exposes customer credit-card information and personally identifiable information to call-centre operators. Today, exposure of that information, even to valid application users, may violate privacy regulations and put the data at unnecessary risk.
As data volumes expand and the threat of exposure continues to rise, enterprises must have strong controls in place to protect data regardless of what devices or applications are used.
Praveen Thakur is Asean vice president for Oracle’s Technology Business Unit.