TheLowDown
Monthly Newsletter
August 19, 2008
Cisco Highlights a New Data Security Blueprint for Retail/Healthcare Industries
Written by: Evan Schuman, Editor of StorefrontBacktalk.com
As retail and healthcare executives around the globe struggle to
adhere to a wide range of data security rules, many are discovering
some unpleasant truths. Chief among those is that few of these
companies truly know where all of their data is at all times.
This is not to say that officials at most retailers and healthcare
companies are ignorant about where their data starts and where it is
sent. But as data routes its way through off-site backup and into
employees' laptops and USB flash drives, is shared with key
customers and partners over an extranet, and is even spoken in a
call center, that data can end up in quite a few unexpected places.
Many efforts today try to address data security concerns in the
retail and healthcare industries. Getting the most attention in
retail is the Payment Card Industry's Data Security Standard (PCI
DSS, more commonly referred to as simply PCI). These guidelines
describe the proper handling of payment card information, along with
procedures for companies to be formally assessed for compliance.
PCI uses a carrot-and-stick method to encourage compliance. The
sticks are fines and penalties for missed deadlines. The carrot is
that compliant companies may enjoy reduced tiered service fees. This
directly impacts a company's bottom line.
What Do You Really Know About Your Data?
The key to protecting sensitive data such as customer credit card
data is that companies know where that data is. "You need to know
where your data is at all times, both at rest and in motion," says
Cisco's Terri Quinn-Andry, Compliance Solutions Manager. "Many
organizations do not always know where that data is or where it
goes."
"The first step in protecting data is figuring out where it is. And
today, companies simply do not know all of those places," says David
Taylor, formerly an analyst with Gartner Inc., who today runs the
PCI Knowledge Base Web site. "Users know the repositories. What they
do not know is what individuals have done to that information after
it has been received."
Four key elements for helping organizations protect their critical assets:
1. Education: Identify what the business critical data assets are
and where these assets are located.
2. Operations (Process): Safeguard critical data while "at rest" and
"in motion". Isolate access to those assets and the network segments
where the assets reside with a layered defense approach.
3. Regulatory and Corporate Policy Compliance: Adopt a security
program that focuses on safeguarding critical data and addresses
government and private-sector compliance requirements such as
Sarbanes-Oxley, PCI, and HIPAA.
4. Technology: Implement a solid security infrastructure and
portfolio of technologies that satisfies the education, operations
and policy steps. By taking this layered approach to security, Quinn-Andry
adds that, "organizations will be in a better position to safeguard
their critical assets and respond to potential security threats in a
more nimble and timely manner" (News@Cisco).

GGI's Best Used Network Equipment