Industry news

The more technology makes our working lives easier, the more it seems technology complicates our lives by making it easier for insiders with malicious intent and outsiders bent on stealing our secrets to steal our data. Whether you have done it recently or sometime in the past you will have locked down and secured your corporate data and make sure that your organisation cannot be breached.

However, it seems that the inevitable consequence of our technological advances is a well-trained, determined phalanx of hackers who are an increasing threat to all organisations. If you add to this the bring your own device problem, where consumer devices are entering the enterprise by the back door and causing havoc, then you will have to be vigilant 24 hours a day seven days a week. David Gibson, VP of Marketing at Varonis, gives you some guidance on how to do that without turning your office into your bedroom. Here are Varonis’ top 10 tips to prevent a data catastrophe.

Firstly, let's just look at how much data you have to store and how fast it's growing. The 2011 IDC Digital Universe study 1 forecast that in 2011 alone 1.8 zettabytes (or 1.8 trillion gigabytes) of data would be created. This is the equivalent of every U.S. citizen writing 3 tweets per minute for 26,976 years. The report states that over the next decade, the number of servers managing the world's data centers will grow tenfold and the world's data will grow by a factor of 50.

The study goes on to say that “While 75% of the information in the digital universe is generated by individuals, enterprises have some liability for 80% of information in the digital universe at some point in its digital life,” and, “Less than a third of the information in the digital universe can be said to have at least minimal security or protection; only about half the information that should be protected is protected.

In order to assess your data protection capabilities, you first need to determine if you can answer basic questions about data. You may assume you can answer these questions, but as I mentioned before, an assumption can be your first mistake. Can you answer for any data set, “who has access to it, who is accessing it, who should have access to it, who owns it, when was the last time access was reviewed, which data is critical, and where is critical data overexposed?” For any individual, you need to be able to answer similar questions, like, “what data do they have access to and what data have they accessed over the last 30 days?” Each question you can’t answer represents an opportunity to improve your security.

The uncomfortable fact is that the complexity of managing the data is growing faster than the resources available within the vast majority of organizations. With another uncomfortable problem coming down the road towards us — the fact that we are also running out of skilled IT personnel to deal with this tsunami of data — it is time to take stock and examine how the average organization can prevent a data catastrophe.

With over 23 million records containing personally identifiable information (PII) leaked in 2011 alone (source: privacyrights.org), it is more important than ever for organizations to ensure sensitive data is secure. In many organizations, keeping up with data growth and preventing a data catastrophe seems insurmountable with existing IT resources —imagine how it is going to be in a few years without additional skilled staff to help you.

With recent advancements in data governance software automation, IT can now easily implement 10 simple steps to prevent data from being misused or stolen:

1. Audit Data Access

The first step towards getting your data under control and averting disaster is to properly audit all data access activity. Once your data touches are being audited, you can easily determine who is doing what with your data. This opens the door to answering questions IT is often stumped by, like “who deleted my files”, “what data is someone using”, or “which data is stale”. Auditing also provides the necessary data to allow IT to start to determine who owns a data set so they can be involved in deciding out who should have access to their data. More on that later…

2. Inventory Permissions and Group Memberships

Once you are tracking what people are doing with your data, you need to look at who has access to what data. All too often people gain access to more and more data over time, but that access is rarely, if ever, revoked – even as changing roles obviate the need for that access. A full inventory of permissions for all of your data stores and the folders within them can take time, especially if you’re creating it manually. Thankfully you can now automate all of this. By combining the permissions data with group memberships, you can start to see who has permission to access each file or folder. With this data IT can quickly answer fundamental data protection questions like “Who has access to a data set” and “Which data sets does a user or group have access to”. This forms the foundation for cleaning up permissions.

3. Prioritize at risk data

While all data needs to be protected, not all data is created equal. Some files contain confidential corporate information; other files contain customer or partner data; maybe you keep credit cards on file; perhaps you’re storing social security numbers. Regardless of what it is, some data is sensitive and needs extra protection. By using tools that analyze your data to identify sensitive content and combining that data with other relevant metadata you will be able to locate files and folders where such data is overexposed. A good tool will enable you to prioritize data that is most at risk, so you can remediate that first.

4. Remove global access groups and revoke broad access rights

In many organizations today, access controls have been in place for years and often much of the data is open to global access groups like the “Everyone” group. Even if this exposed data isn’t sensitive or confidential in nature, excessively broad access controls like this invite trouble. Removing global access groups is a good step towards ensuring that only the right people can get to your data. Once these permissions have been revoked, aligning data to the right users becomes much easier. However, it may be unwise to remove these groups without first having a plan for restoring access to those who may require it for their jobs. The right technologies will allow you to ‘sandbox’ your changes to see what the impact will be on business processes before committing the changes to your production environment.

China Telecom has agreed to purchase 3G network services from parent company China Telecommunications for $13.3 billion.

The service acquisition is expected to be completed by December 2012 and will allow for increased speeds and service development.

China Telecom posted revenue of $21.8 billion for the first half of 2012, an increase of 14.8 percent, as higher end mobile user customers increase in number.

Bedfordshire, Cambridgeshire and Hertfordshire Police Authorities are considering outsourcing support services to G4S despite Olympic mishaps.

The forces are looking at the success of Lincolnshire Authorities’ outsourcing contracts with G4S to determine the success of the service and how the procurement process proceeds.

The three police services released a statement: “The full business case will therefore be completed over the next few months, ready for consideration and a decision by the Chief Constables in conjunction with the incoming Police and Crime Commissioners.”

Dell has announced private cloud services hosted on dedicated servers within data centres.

The service is designed to reduce resource expenditure on local hosted server systems. The offsite service would provide IaaS services through the private cloud and provide efficiency cost savings.

Dell has made numerous acquisitions over the last few years and the IT giants seeks to expand its cloud offering and compete against the likes of Amazon and IBM.

The Post Office has offered two contracts up for tender, totalling £360 million, to provide IT services throughout the organisation.

The news comes after the postal service experienced difficulties with IT services provided by Horizon.

The new contracts are designed to deliver new services, transition services and prepare for future innovations.

The world’s largest distiller, Diageo, have report increased annual revenue.The company sells such brands as Guinness, Smirnoff and Johnnie Walker.

The London based distiller reported that increased sales within the U.S. have helped to drive profits despite uncertain economic conditions in Europe.

The company revealed £3.2 billion in earnings prior to tax and interest, a 9 percent increase on last year.

SCC, who provide IT infrastructure services, have become the first supplier to the G-Cloud, to become fully accredited for secure government data.

While the company has yet to acquire customers through the public sector cloud service, the accreditation will allow SCC to sell to a wider range of public sector departments, including those involved in delivering security centric services.

Rhys Sharp, SCC's chief technology officer, commented: “As you would expect it is has been a long and challenging process, but we have to put it in context of the whole journey that we have already been undertaking.”

Computing giant Dell has warned of low revenue expectations for the third-quarter, due to economic uncertainty and a highly competitive marketplace.

The company warned during the release of second quarter financial results, of an expected drop of revenue of between 2 and 5 percent.

Brian Gladden, Dell chief financial officer, said: “Growth in our PC business was challenging, as we saw a tough macro-economic and competitive environment, and continued to focus on higher-value solutions in this business”.

After concern surrounding the low number of sales carried out through the G-Cloud during July, the government have released a revised figure of £ £353,000, £254,000 higher than previously reported.

Denise McDonagh, director of the G-Cloud programme, revealed the new figures via Twitter.

McDonagh criticised reporting surrounding the original figures, saying, “what they don’t understand is the relationship between £1 spent with a G-Cloud supplier, and £1 spent with one of the 20 corporations responsible for delivering 90 percent of government IT at present.”