Myth: Encryption makes your data secure.
Fact: Encryption is only one way to secure data. Other methods (often used together) include access control, data integrity, system availability, and auditing.
Data security refers to protective digital privacy measures that are applied to prevent unauthorized users from accessing computers, databases, and websites or corrupting data.[1] Some organizations use standard practices to define and implement data security, but procedures can change based on a company’s business operations, the sensitivity of data, and the types of risks a company may face. The task of enforcing these practices often falls to data security and compliance officers, who must ensure that appropriate data safeguarding measures are in place.
If recent studies are any indication, data security is an increasingly important issue in many industries. The 2013 Forrsights Security Survey by Forrester Research, Inc. asked 1,417 North American and European enterprise and SMB IT security decision-makers about data security. The survey concluded that data security consumed the second largest portion of organizations’ IT security technology budget (17%), just below network security (21%).[2] Moreover, 35% of the organizations surveyed planned to further increase their data security budgets in 2014 by 5 to 10%, while 10% of the organizations planned to increase their budget by more than 10%.[3] Ultimately, plans to continuously fortify data security are evidently growing, as no company wants to fall victim to cyber-attacks, data breaches, or other security incidents. However, some organizations are not receiving the full value of their investment because they still do not understand the risks they face.
There are several different types of risk that companies attempting to manage data security face, such as theft, accidental media exposure, and insecure practices. One shared trait of these “risk areas” is that they are often the result of internal and employee mistakes. Those who are entitled to handle sensitive data usually end up doing more than one of the following activities: collecting, storing, sending, encrypting, finding, and removing data.[4] When sensitive data can be exposed in so many ways by an employee, standard yet credible data management procedures must be in place.
ZEMA is an enterprise data management platform that helps organizations maintain data security and compliance standards by assigning permissions to market participants attempting to access data. Public, subscription, sensitive, and internal datasets are protected so that employees can only access what they are entitled to through ZEMA’s entitlement tool. Access to any analysis conducted through ZEMA is also permission-based. Queries are saved with a status of “public” (full access), “private” (no public access), and “shared” (assigned permissions).
Traders, analysts, compliance officers, and risk managers using ZEMA can assign data validation rules for incoming data and can monitor derived data. These validation rules flag data when it does not meet a corporation’s threshold requirements, meaning it can be withheld from downstream systems. Organizations can also allow users to edit data and track changes within the ZEMA system. As a result, these users can be linked to the particular ZEMA applications they accessed and the activities they performed in ZEMA.
Furthermore, ZEMA keeps records of data usage in downstream trade and risk, business intelligence, and enterprise resource planning systems. A complete audit trail for these records is maintained to prove regulatory or security compliance. These reports can then be transferred on a regular basis to senior management, and, if necessary, to external auditors. ZEMA strikes a balance between compliance and cost efficiency, as organizations using ZEMA can easily associate expenses with their data usage. To learn more about ZEMA and how it can help your business tackle data security issues, book a complimentary demo with us.
[1] Cory Jansson, “Data Security,” Techopedia, accessed August 21, 2014, http://www.techopedia.com/definition/26464/data-security.
[2] Heidi Shey, “Understand the State of Data Security and Privacy: 2013 to 2014,” Forrester, October 1, 2013, page 8, accessed August 21, 2014, http://www.mobility-sp.com/images/gallery/FORRESTER-Understand-The-State-Of-Data-Security-And-Privacy-2013-To-2014.pdf.
[3] Ibid.
[4]”What Are the Risks to Data?” MIT, accessed August 21, 2014, https://ist.mit.edu/security/data_risks.