Quest CEO Blog | Data Access

 

Quest CEO Blog

Thoughts on Technology, Business and the Management of Both.

 

What if The Year of the Data Breach isn’t over yet?

by Tim Burke
Tuesday, January 10, 2012

The thing to remember concerning what you hear about data breaches is that you’re hearing only about what gets reported — and plenty of data breaches never get reported.

 

Even so, the numbers we do have are plenty scary. The 2010 Annual Study: U.S. Cost of a Data Breach, conducted for Symantec by the Ponemon Institute and published last March, tells us that in 2010 (the most recent info we have), the average data breach cost $7.2 million, up from $6.6 million in 2009.

 



Categories: Business Continuity | Business Resumption | Data Access | Information Security | Intrusion Detection



Prosperity in 2012: Best-performing organizations use cloud computing

by Tim Burke
Tuesday, January 03, 2012

I recently came across a cloud computing benefit/risk study conducted in the first half of 2011 by the IT Policy Compliance Group (ITPCG). It shows that best-performing organizations (which see higher profits and suffer fewer business disruptions and less data loss) use cloud computing significantly more than poor-performing organizations.

 

More than two-thirds of best performers use cloud computing — about half opting for private clouds, while 25% use hybrid clouds and another 25% use public clouds. By contrast, only 9% of worst performers use cloud computing.

 

Study findings also indicate that:

 



Categories: CEO to CEO | CFO | Cloud Computing | Data Access | Performance



Data backup/recovery best practice #10

by Tim Burke
Tuesday, December 13, 2011

 

This last of my backup/recovery best practices is far from the least of them:

 

#10 Conduct regular testing and reviews of your data recovery capabilities 

 

Backups can be corrupted (especially if they’re tape-based) and too often backups are performed incorrectly. Key files, directories, or components may have been excluded, especially if your infrastructure has undergone adds or deletes.

 


Infrastructure security and coping with cloud and social media: 9 key questions to ask

by Tim Burke
Thursday, September 22, 2011

Our Chief Technical Officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

 

So here are the (non-technical) questions you need to ask and get answered to protect your business:


6 security questions to ask about your data and who gets access to it

by Tim Burke
Tuesday, September 20, 2011

 

It’s easy to tumble backwards into information security, to let yourself get sidetracked into arcane, hard-to-follow discussions about the innards of technologies and products when in fact you need to be thinking through higher-level strategy and policy.

 

If, for instance, you don’t actually know yet whether your business would benefit from using encryption, listening to the sales pitches of competing encryption product vendors is a waste of time.

 

So start with straightforward, non-technical questions that your IT people should answer in a straightforward, non-technical way. When they backslide into techno-babble, make them translate (they can use the practice).

 

  1. What data is business critical? What data is sensitive? Who ‘owns’ or has access to our business-critical data? Our sensitive data?
  2. What sort of assurances of confidentiality and integrity do we need to provide for each type of data?
  3. How long do we want to retain data?
  4. How do we want to control data access and permissions?
  5. How do we want to authenticate users?
  6. What kind of security training should we provide employees?

 

You’ll also want to pose questions about the security of your information infrastructure as well as how to cope with cloud computing and social networks. Check my next post for those 9 questions.

 
