Filter by Category

Silence the Nagging By Securing Your Data

Compliance issues and the ever-growing list of compliance regulation acronyms (HIPAA, PCI DSS, SOX, etc.) are persistently nagging IT folks who must meet tough mandates and overly complicated rules. compliance, HIPAA, PCI DSS, data security

Of course, the real reason we must now pay so much attention to compliance is others' irresponsible abuse. Somewhere along the data strewn path, a few malicious malcontents had to succumb to the voice of greed and abuse their technological skill sets.  All IT professionals' jobs are tougher thanks to those that through hacking, sniffing, or lifting data sources chose to steal and sell inadequately secured information.

The truth is, though, that "data" really is sensitive information and we live in a paranoid modern world where dastardly damage is done with a just a little twist of the facts.  So in response to the cries of outrage among our citizens, politicians have wrung their bureaucratic hands and offered plenty of passing legislation designed to protect our data.

Because IT is responsible for the company's data, we need to stay abreast of the laws that apply to it. We also need to to fully understand and implement the three types of data protection: physical, transitional, and procedural.


Physical protection is probably the easiest. We secure the data on our servers, backup tapes and offsite facilities with technologies such as passwords, drive encryption, backup encryption, data center surveillance, physical locks, etc. We spare no expense in securing the physical because we can see it and believe it is secured. Or so we think.


Transitional protection is a little more difficult.  Any data files that leave our networks should be secured with managed FTP solutions that encrypt the files with SFTP, FTPS, HTTPS, PGP, and other protocols.  Firewalls are set up to control what can leave or enter our data domain. DMZ gateways are set up to increase the virtual protection of the data and still allow designated users access to it.


Procedural security is a type of data protection that is least understood and implemented.  A clear and understandable security policy needs to be communicated to the end users so they become familiar with sensitive data is secured, and what consequences may loom if procedures aren't followed.

The majority of us in IT are protective about who has access to our own sensitive data, so we can understand the reason for protecting everyone else, too.  Yes, it's a lot of work, but it's part of the new normal.


Comments (1)

  1. HITECH and HIPAA Compliance Tough on IT Staffs:
    Jun 19, 2012 at 12:05 PM

    [...] (Health Insurance Portability Accountability Act), passed in 1996, has received the most attention (see our blog), the more recently implemented HITECH law is quickly having an [...]

Add a Comment

Allowed tags: <b><i><br>

Latest Posts

The Ultimate Guide to Investing in Secure File Transfer Software

March 13, 2018

It comes as no surprise—file transfers are a critical part of each organization’s operations. They can share anywhere from dozens to hundreds of thousands of documents with trading…

What You Need to Know to Prepare for GDPR Compliance

March 6, 2018

Now that we’ve crossed into 2018, the GDPR is only months away. Less than three months, in fact—the new EU General Data Protection Regulation becomes enforceable worldwide for any…

On the Road Again: Where to find GoAnywhere this Spring

February 28, 2018

On the road again Goin' places that I've never been Seein' things that I may never see again And I can't wait to get on the road again. Is anyone else itching to follow in Willie Nelson’s…

Marketing Service Provider Successfully Deploys GoAnywhere in the Cloud

February 22, 2018

As industry needs evolve, many organizations are looking to the cloud as a potential next step for their data requirements. For one big data, analytics, and marketing service provider, moving to a…

15 Ways to Avoid Document Chaos with Secure Forms

February 20, 2018

Vendors, employees, customers, and trading partners exchange an abundance of files every day, often by a variety of means including mail, email, telecomm apps like Skype, shared file storage like…