Tuesday, May 08, 2007

Information Security considerations

Protecting information assets, i.e. information security, is one of the key roles of an Information Manager. The drive to open up, advocated in the last few items in this blog, does not undermine this role. In fact, the strategy of opening up helps protect what needs protection, since it provides more focus.

Note that most information does not need protection. So what is really confidential? A short list is below:
  • Anything related to people's privacy (think medical, salaries, performance appraisals, ...)
  • Anything related to money (think contracts, prices, budgets, tendering strategies, ...)
  • Anything related to risks (think security arrangements or senior executive travel plans, ...)
  • And anything else that may harm the company (or people) when published and available on the street (think elements related to reputation, or confidential strategies, etc.)

All the rest is NOT confidential! So by default everything should be open (inside the network, which is obviously protected by a firewall, etc.), and only some areas should contain protected information.

What are the advantages?

  • Implementing Search in a company is so much easier when the crawler only has to crawl the non-confidential records ...
  • Collaborative working becomes easier, since by default you have access to the information stored elsewhere in the company.
  • Don't forget about the reduced complexity of managing security in Windows and the overhead that comes with it. If things are easy, then it takes less time, but there is also more focus on managing what really needs protection.

But opening up requires a culture change. Most infrastructure people and IT managers have been raised in an environment of control, so convincing them is a hard job.

There are also some technical considerations to take into account. For example, when a company uses incremental back-ups, the back-up may fail if people are allowed to drag whole trees from one place to another, leading to gigabytes of data being added to the back-up ... Network security should prevent this (so some control is still needed!).
