The System z Ecosystem Protects Vital Enterprise Information Assets
Illustration by Brad Yeo
The lifeblood of business and government, data is growing exponentially, flooding organizations. Using it to the company’s advantage presents an opportunity for increased revenue and reduced cost and risk. But misusing it exposes an organization to compliance failure. It’s becoming increasingly difficult to retain, manage and secure greater volumes and more types of information for longer stretches of time. Do it successfully and the rewards can be great:
- Simpler audit processes
- Lower costs of compliance
- Improved response to a dynamic marketplace
- Enhanced security for production, test and development environments
Failure can result in serious financial and criminal penalties, loss of consumer confidence and brand damage. Therefore, information integrity, availability, protection and governance must be at the heart of organizational strategy and operations.
The first question to ask when evaluating information protection is, “What needs to be protected?” Protecting the organization comes down to three related areas:
- Corporate governance entails people, processes, policies and technologies used to manage and protect data in order to establish a complete, correct and trusted source of information
- Risk management involves activities around the identification, assessment and prioritization of potential threats to the organization, whether operational, financial, reputational or physical
- Enterprise compliance addresses issues regarding adherence to regulatory and industry standards
The sheer quantity of structured information (data) and unstructured data (content) that must be protected can be staggering. Information protection can be broken down into:
- Security and privacy—preventing disclosure to unauthorized individuals or systems within or outside the enterprise
- Audits—ensuring compliance with internal requirements and externally influenced legal, government and industry regulations
- Integrity—striving to ensure data cannot be modified without appropriate and controlled authorization
A Holistic Strategy
Information must be protected throughout its lifecycle. A holistic strategy includes defining a vision for protecting information, defining acceptable risk tolerance, identifying roles, and establishing a reporting framework for internal and external bodies that adhere to regulatory requirements or organizational policy.
This effort includes enforcing protection policies for data in use, in motion and at rest, and can begin in a limited fashion and expand to include additional systems, processes, organizational units or business entities.
The final—and perhaps most central—element of information protection is deploying capable technology that enables all of the above.