Introduction
The availability of data, along with its clear usefulness, has also brought undesirable conse-quences with it. Data streams have become much harder to control. Data and its owner have become increasingly vulnerable and exposed to a great variety of risk factors.
The information age is demanding that we take a fundamentally different attitude toward data and give it more substantial protection. At issue are not only internal leaks, theft, and corruption of data, but also its loss, pure and simple.
It is not hard to lose data
It was not long ago that data was stored and distributed primarily using paper media and was threatened primarily natural disasters and time. In the age of computer technologies, data is much easier to lose. It can be easily lost due to the following reasons:
1. Computer hardware malfunction (loss caused by hardware problems).
2. Computer software failure (loss caused by software problems).
3. Theft or intentional corruption of data by intruders or dishonest company employees.
4. Unskilled actions by company personnel.
5. And, finally, the loss of control over or access permissions to the data.
Each of these items can give rise to a separate document and deserve separate consideration, but we will examine only the last item for the time being - the loss of control over the data or the loss of access permissions to it.
Experts and IT professionals have given this set of risks less attention than it rightfully deserves, even though the loss of control over data is no less dangerous that its corruption or theft.
We always limit access to the most important data by ensuring that it is encrypted or by setting up password protection for documents and computers.
This way, control over data can be quickly lost in the following ways:
1. Password loss for protected documents (Microsoft Office, electronic mail databases, Adobe Acrobat files, archives, etc.).
2. Loss of access permissions to certain applications (for example, loss of permission to access the Microsoft Windows operating system).
3. Loss of permission to access encrypted data (for example, encrypted using the Encrypting File System).
Obviously, the risks of losing access to the data are always present, and they can never be fully eliminated. Any internal corporate department offering support to users regularly encounters the problem of password loss which requires significant resources to resolve.
At the same times, few professionals think about the fact that these risks can be easily managed, by describing and streamlining the set of actions that must be taken in the event that loss of control over data takes place at the company.
What can be the consequence of dataloss?
Let’s sort out what risks are associated with the loss of access to/control over valuable data, which is ultimately what we are protecting with passwords and through encryption.
Threat to business activity
According to the “Computer Crime and Security Survey 2007” by the Computer Security Institute, the average annual losses incurred by businesses as a result of various threats over one year have grown from USD 168,000 to USD 350,000, and the trend is expected to continue.
A business faced with loss of access to data risks:
- completely losing valuable data, which was password protected and encrypted;
- losing access to important information (this is of particular relevance to internal corporate security departments);
- having to gather the data and recreate the documents from scratch;
- losing internal IT resources of the company to the time-consuming process of finding an ad hoc solution to the problem;
- missing opportunities, associated with the inactivity of individual employees or the duplication of effort.
It becomes evident that the potential consequences can result in many additional costs, internal problems, and even bring the work of the business to a standstill, which can lead to significant material and operational costs.
Password protected data will need to be recreated from scratch, which will require a significant time investment on the part of the employees. In a number of cases this might even be impossible, if the lost data included a disk containing encrypted document archives. All this can entail lost business opportunities for the company.
