CIO Talk

A Deeper Look at Data Security Readiness

Nishant Verma, Country Manager India & SAARC WinMagic Inc.

If the right data encryption solution is implemented, it is possible to fully secure your organisational data while reducing IT costs and being completely invisible to the end-user

Data security is the primary concern of every enterprise but there is always confusion as to how to start and what to start with as far as security solution is concerned reason being there are so many security solutions and there are so many applications available in the market.

A key foundation or first pillar of any data security solution should start with data encryption and key management. If a solution is built with the proper foundation, the risks associated with data loss or exposure is greatly reduced, including the negative impacts on process and capabilities. But this begs the question, what is your organisations thinking and approach to securing their environment? How far down the path have they gone in securing their environments and is encryption a key foundation? There are of course different levels of security that can be established across different areas or sectors of the business – encryption solutions are no different.

More than ever before, data encryption and security are top of mind among most IT administrators as more and more regulations and laws are put in place to curb the risk of data loss. As organisations seek to improve their security models, they’re faced with a myriad of options to lock down systems, processes and networks.

However, in our experience organisations have avoided looking at a robust encryption solution because they feel:

  • It can be too costly and expensive
  • It will slow down overall device performance
  • Process and capabilities become complicated and affect user experience
  • There are too many devices to secure and monitor leaving organisations at a loss of where to start

If the right data encryption solution is implemented, it is possible to fully secure your organisational data while reducing IT costs and being completely invisible to the end-user. Also, the idea of maturing your processes and solution approach is critical to understanding and controlling your security. From our perspective there are five levels of data encryption maturity that organisations can find themselves in:

Level 1 – Unaware

A level where there is no data protection solution utilized by an organization. As far as the business is concerned, there is no business driver to adopt encryption.

Organisations in this category are at a high level of risk in the event a device is lost or stolen. They typically haven’t evaluated their security needs and the risks associated with not adopting such a foundational approach to data security.

Level 2 – Tactical

This is alevel where a company selectively deploys basic software or OS-based encryption to a defined and often very limited number of laptops devices. There are no central management capabilities and is managed via desk side support only. It’s a baseline solution that may be ‘good enough’ but lacks control and efficiency as it will generally encrypt only one type of device (like a laptop), in a silo’ed team or department.

This tactical approach is often born out of the need for compliance to specific laws, legislation or regulations.

Level 3 – Defined

This level is defined as encryptionbeing leveraged across most, if not all endpoint (laptops) devices and may begin to include some removable media.Centralized management is also introduced at this level. There is room for improvement as there are still devices and endpoints that do not have data security and could act as an access point to authorized users.

In this instance, like the Tactical level, compliance is driving the need for encryption but in addition to this, there’s a requirement for better audit and control capabilities.

Level 4 – Managed

A level where most, if not all, devices are encrypted including desktops. This is all controlled through a fully centralized management solution and gives administrators the granularity of control they need without being a hindrance to the end-user.

Building on the same business drivers as the Defined category, Managed organisations also need to improve their overall IT management process and ensure they maintain a positive brand image.

Level 5 – Optimized

At this level organisations are taking complete control of all devices and are deploying encryption for all data no matter where it resides. Management capabilities enables a view and control of all endpoints, irrespective of platform, and key management capabilities for securing and encrypting data that resides in public or private cloud.

The big difference for Optimized organisations is that their need is to have a solution that can help decrease IT management costs and reduce or eliminate the impact on the end-user experience that could hurt productivity.

At this level organisations are in the best position to reduce risks significantly and safeguard confidential data.

There is no quick solution, it’s an evolution. Companies must work through to fully optimize their data security strategies while reducing IT costs. WinMagic possesses the expertise and consultative approach to help customers determine their current and desired state on the Maturity Model. Their industry leading encryption solutions ensure required capabilities are enable appropriately at all desired levels of the maturity curve.

Related posts

Generative AI, the creative power of Artificial Intelligence….


“The Art of Negotiation” Leadership Skills Required for Negotiation in the Time of Crisis.


Cyber Fraud Fusion Centres, Leveraging Network Effect Is Essential to Fight Fraud