Article

Alexis Ternoy
Alexis Ternoy 22 April 2015
Categories Data & Analytics, Social Media, Video advertising

How To Get Security Right

In the age of internet security breaches, why would any company keep all their employee data in one place?

In the age of internet security breaches, why would any company keep all their employee data in one place.



In France, the UK and USA, employees are given a social security number which has increasingly been linked to a credit score number, a number for health care and so on. So why would Sony keep ALL the social security numbers of past employees in one place???


There are a few rules to doing security right.

First, DON’T keep all the data in one place

It’s real simple, keep current employee data separated from past employee data. Even if just to keep passwords up to date, keeping current employee data in a different database just makes sense. And after a year, once final tax documents are mailed, move past data into another database that can’t be accessed except by request. That is, some data should be walled off even from high level ranking users. Security means that top executives don’t have the keys to all the data. Specialized employees are given unique rights to some data. Thus walling some records off from high-level access by one user.

Second, DELETE old data

Yes, as horrid as that sounds to lawyers, some data should be deleted. Once an employee has left, after a year or two, social security data should be purged. And that goes for lots of kinds of data. If it’s sensitive to others, if released, but of no use to the organization – delete it. This is the "right to be forgotten" in French.

Third, LIMIT who can get what

Instead of having a ladder, where the top user gets access to everything, limiting people by segment is more secure. If the CEO has no access to employee data, but needs to go to accounting to get the data, that creates a security wall. And security walls can be created by having data split among servers. For example, one server can have all the employee data without the person’s name. This data would only have the employee number. The number would then be associated with a name on a different server.

Splitting the data among servers, creates a wall. If encryption is strong between servers, this security wall can be quite high and difficult to penetrate.

Having servers with dedicated security zones, also adds to the wall. Internal servers with secure data should have no internet access. If someone is offsite, and needs this data, they need to call into a person who is onsite and can access the data. A lot of people think that every server needs internet access.This is not true. Some data should be for onsite staff ONLY.

Fourth, SEPARATE data with more than one password

Ok, this almost goes without saying, but a one person password is ridiculous. Each database with secure data should have it’s own password and username pair. Anyone that accesses a database with important data, would understand the added security need. This mean a hacker needs to penetrate multiple layers of protection.

Take example on Wordpress great two step authentication, this now IS a standard.

Fifth, MONITOR your systems for users taking too much data

Anyone trying to get ALL the data on a server should trigger an alarm. Once a system is set-up, normal usage will conform to a pattern. After a while, administrators will see the average data consumed per user. This can create a rule. A rule that can be used to limit, and thwarts hackers - bringing them no joy. It’s not fun to only get a few records.

Rules can include too much data coming from the same IP address, the same user or just too much data being accessed from all users. When the limit is reached, fake data or further requests are denied.

Securing data is not that hard, and lots of companies provide software to make the job easy. Why did Sony not have better security?

 

Original Post

Read More on Digital Doughnut

 

Check out our latest videos!



0

Comments
Please login or register to add a comment.

Author Profile

Alexis Ternoy
Alexis Ternoy Service Delivery Manager EPAM
United Kingdom

T-Shape Entrepreneurial Director | Tech & Business | Passionate About Collaboration, Building Agile & Effective Teams | Leading Agile Teams @ EPAM I have an extensive technology and business exposure, international experience working from start-up to blue chip global companies, a proven track record of successfully delivered global strategic information technology projects and services. Passionate about collaboration, service delivery, operation, building Agile & effective teams; I am accomplished in all aspects of application and infrastructure services delivery as both an insourced and outsourced function. I have demonstrated an ability to build and maintain exceptional stakeholder relationships at all levels. Motivated and enjoy the challenge of working in passionate and diverse environment leveraging IT to help bring products to market that positively impact the lives of millions of people worldwide.

See more about this author

Skills

From product vision to design and execution, my expertise come to help my clients realise their vision.

Previous Experience

2013 - 2014 New Bamboo - Head of Account Management 2011 - 2013 Novartis - Business Information Manager 2013 - 2013 Cognizant Technology Solutions - Account Manager 2000 - 2000 Government of France Mayotte Island - Software Developer 2013 - New Bamboo - Head of Account Management 2006 - 2007 Novartis AG - Project Manager 2007 - 2007 Arval - BNP Paribas Group - Project Manager 2008 - 2010 Novartis - Technical Team Lead 2010 - 2011 Novartis - Application Service Manager - Project & Portfolio Management, BI and Strategic Documents 2002 - 2006 Think IT - Development, Project and Product Manager 2004 - 2006 Eurocontrol CFMU - European Organisation for the Safety of Air Navigation - Project Support Officer

Education & Qualifications

This user has not entered their Education & Qualifications

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
A New Framework for the Marketing Mix – ‘The Customer Mix or 6W’s’

A New Framework for the Marketing Mix – ‘The Customer Mix or 6W’s’

Many of you will have studied marketing at University. You will have learnt all about the marketing mix. My question is whether or not the Marketing Mix is still meaningful in this day and age?

Martin Newman
Martin Newman 6 August 2018
Read more
5 films with Brilliantly Designed Websites

5 films with Brilliantly Designed Websites

The best websites take visitors on a journey that will leave them wanting more. So set aside an hour or three and explore these five brilliantly designed film websites.

Nathan Jones
Nathan Jones 15 April 2016
Read more