 |
 |
|
By Samuel Greengard on 2010-12-07
It’s no bulletin that governance, risk management and compliance (GRC) issues are at the forefront of enterprise thinking and decision-making. It’s also clear that they are becoming increasingly nettlesome—particularly as the swath of information technology systems expands and reaches beyond the four walls of the enterprise. Virtualization, cloud computing, mobility initiatives, social networking and advances in data portability and storage are producing a spate of new challenges and concerns for CIOs. Running afoul of governance and compliance requirements—internal as well as those mandated by a government—can quickly translate into costly errors, fines and data loss, along with negative publicity, a tarnished brand name and, in the end, diminished revenues. Navigating this new digital order means addressing GRC risks up front. Unfortunately, the danger points aren't always as obvious as you might think. Sure, there are the no-brainers, such as PCI compliance for anyone dealing with customer data, but when was the last time you considered how much information is floating around your organization in lowly spreadsheets? These danger points that can undermine everything from records retention and data sharing to security and privacy. Here are eight time bombs that could contribute to compliance breakdowns and failures within your organization:
|
|
|
- of
Storage Creep The proliferation of data—especially across a mélange of systems, devices and departments—often translates into little or no knowledge of what actually exists and where everything resides. An organization that lacks a robust discovery process and storage optimization can easily see data go AWOL.
Smartphones and TabletsAs employees load apps on their iPhones, iPads and Droids, the risk of compromising security and undermining GRC grows. In addition, be aware of fake apps that steal contacts and text messages.
Stealth CulpritsUnsecured, unencrypted USB devices pose an obvious threat. But anything with an SD card or flash memory, including cameras, digital audio recorders, and iPods, can become a tool for transporting data. Even an automotive computer system that links to your smartphone via Bluetooth could become a source of contact data leaks.
VirtualizationVM sprawl is a growing concern for organizations. Knowing where data resides is critical. Protecting VMs with virtual firewalls, malware solutions and other tools is part of effective GRC. Also, be aware of potential threats, such as hackers attacking the hypervisor layer directly.
Social mediaSocial networking sites typically pull data from numerous interconnected servers spanning applications and organizations. Your employees might post something on Facebook or Twitter and, depending on privacy settings, the data might leak to the world. Blogs, wikis, mashups, video sharing, and folksonomies present additional challenges.
Cloud ComputingAs individuals tap into applications such as Salesforce.com, MobileMe and Dropbox, they share data across personal devices and systems, including smartphones and iPods.
The Lowly SpreadsheetMany business operations, including finance, continue to worship the spreadsheet. Unfortunately, files often float freely from user to user and across company lines with few or any controls.
PCI Compliance Over Wireless NetworksPayment card industry (PCI). Many organizations fail to update access points with security patches and some still rely on WEP encryption for their wireless networks, which doesn’t measure up to current PCI standards. It’s wise to exceed the PCI Data Security Standard.
Four Tips1. Tighten up your procedures and policies2. Offer training 3. Look to third party solutions such as mobile content management, DLP and other endpoint tools, DRM, encryption, and malware protection. 4. Look for enterprise applications that provide the greatest level of security and central management capabilities.
|
| FEATURED SPONSORED VIDEOS | |
|
|
|
|
|
|
|
|
Apple's MacBook Pro: 10 Reasons It Belongs in the Workplace
10 Ways to Develop Your Tech Talent
10 Products Apple Should Launch In the Next Year
With More Budget Comes Greater Responsibility for CIOs
CIOs and Lawyers: A Match Made in Heaven or Hell?
Writing Effective Email: Resist These 10 Cardinal Sins
