How Does Data Protection Figure in to Your Plans?
I have increasingly been talking with people about data protection only to find out that data protection (encrytion, thinking about the flow of information and protecting it along the way, etc.) is often an after-thought.
It seems like many people put encryption in place at the database (TDE) or use cloud providers who talk a lot about security of their systems, and feel like that’s all that’s needed. I’m surprised by this, but it shows too just how the message is getting a little confusing. If you think about how cloud providers provide protection, and then about the vague requirements of "do you protect my data?" and there is much to be confusing about.
I wanted to start working down through some of this – but first just food for thought. Is data protection a key planning point, or it more assumed? If it’s assumed, is it because you have particular steps in place that just work or…?
To me, protection starts at the initial presentation layer and continues through the BI access controls. You have to control and protect information from the time it’s entered at the point of data entry to the use of that information. It takes work to do so though, and it seems like many segments of protecting the data are not considered.
How do you approach it? Drop me an email at swynk@sswug.org or comment below…