As state and local agencies embrace more efficient, dynamic, agile, and cost-effective technologies like virtualization and cloud computing, they are bound to be worried about remaining compliant with applicable security regulations. It’s a natural concern.
Protecting data in dynamic environments is different from segregating and protecting data in static, physically isolated data centers. Done properly, though, it’s possible to remain compliant, says Bill Hackenberger, vice president of data security at HyTrust. The key is taking one step at a time.
STEP ONE: Identify sensitive data. If you think you know where all of your sensitive data is, you’re probably wrong. While you might know the location of your most important databases and applications, often those applications can leak data out into the world, making data susceptible to theft. You can control the server upon which your database runs, but you can’t control someone generating a report and putting the resulting text file on another host. Locating sensitive data is a continuous task, and requires tools that can routinely look for and report on the location of these files.
READ MORE
Tackle Compliance Step By Step
Identifying and encrypting data, then automating the process, is a sound approach.
