Filter by Category

Silence the Nagging By Securing Your Data

Compliance issues and the ever-growing list of compliance regulation acronyms (HIPAA, PCI DSS, SOX, etc.) are persistently nagging IT folks who must meet tough mandates and overly complicated rules. compliance, HIPAA, PCI DSS, data security

Of course, the real reason we must now pay so much attention to compliance is others' irresponsible abuse. Somewhere along the data strewn path, a few malicious malcontents had to succumb to the voice of greed and abuse their technological skill sets.  All IT professionals' jobs are tougher thanks to those that through hacking, sniffing, or lifting data sources chose to steal and sell inadequately secured information.

The truth is, though, that "data" really is sensitive information and we live in a paranoid modern world where dastardly damage is done with a just a little twist of the facts.  So in response to the cries of outrage among our citizens, politicians have wrung their bureaucratic hands and offered plenty of passing legislation designed to protect our data.

Because IT is responsible for the company's data, we need to stay abreast of the laws that apply to it. We also need to to fully understand and implement the three types of data protection: physical, transitional, and procedural.

Physical

Physical protection is probably the easiest. We secure the data on our servers, backup tapes and offsite facilities with technologies such as passwords, drive encryption, backup encryption, data center surveillance, physical locks, etc. We spare no expense in securing the physical because we can see it and believe it is secured. Or so we think.

Transitional

Transitional protection is a little more difficult.  Any data files that leave our networks should be secured with managed FTP solutions that encrypt the files with SFTP, FTPS, HTTPS, PGP, and other protocols.  Firewalls are set up to control what can leave or enter our data domain. DMZ gateways are set up to increase the virtual protection of the data and still allow designated users access to it.

Procedural

Procedural security is a type of data protection that is least understood and implemented.  A clear and understandable security policy needs to be communicated to the end users so they become familiar with sensitive data is secured, and what consequences may loom if procedures aren't followed.

The majority of us in IT are protective about who has access to our own sensitive data, so we can understand the reason for protecting everyone else, too. Yes, it's a lot of work, but it's part of the new normal.

Meet various compliance requirements with GoAnywhere MFT:

 

Comments (1)

  1. HITECH and HIPAA Compliance Tough on IT Staffs:
    Jun 19, 2012 at 12:05 PM

    [...] (Health Insurance Portability Accountability Act), passed in 1996, has received the most attention (see our blog), the more recently implemented HITECH law is quickly having an [...]

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…