Data security: Whose job is it really?

By Andrew Jaquith
Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.
Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization. Read the full story [csoonline.com]

By Andrew Jaquith

Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.

Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization. Read the full story [csoonline.com]

* Composite image via ArtemFinland‘s Flickr photostream (CC 2.0)

 

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.