Secure By Design

Secure by Design

Lawsuits, settlements, and fines relating to data breaches are on the rise due to the various inadequacies associated with storing data. In Europe the General Data Protection Rights are the toughest in the world and organisations that experience data breaches are not simply fined an arbitrary amount but a portion of their turnover. As a result, many governments, including Australia, have introduced similar stringent regulations.

At present many businesses are required to adhere to specific data protection regulations ensuring sensitive data is highly secure, health care providers for example, but even when there is no regulated compliance, there is a moral one. In fact, the very survival of the modern business depends on data security.

Data Security is the process of keeping data safe and secure from unauthorised access and includes protection from attacks that can destroy or encrypt it, such as ransomware.

Data protection is not simply protecting the data itself with encryption, controlled access, antivirus and storing data in a secure manner, but also the protection of all the processes involved in its capture and usage. At the same time the data must be appropriate, accurate and timely. Over time it is inevitable that information systems degrade. Modifications are required to stay competitive and all too often they do not conform to best practices and result in unforeseen side-effects. A common tell-tale sign of things having gone awry is when an organisation is relying on data stored in a spreadsheet.

Progressively, as we have more distributed application processes thrust upon us, the technological framework fragments, and with each iteration data is at greater risk. At the same time there is an ongoing competitive need to get business to market and all too often organisations skimp on best practices that prevent vulnerabilities.

All forms of development have been suffering from tight budgets. One need only look at the documentation for any system, which has always been the place to go to for information, to get an idea of how IT has changed. Good solid business practices must be continuously catered for.

More to come …