“The safety of the people shall be the highest law” said Cicero long ago, but even if safety is a basic concern and many efforts are taken to protect organizations and corporate systems, too often we read about data breaches. Every one of us has several examples in mind. Every one of us has updated a password here and there after we learn this or that system has experienced a data breach… and those are the ones that we get to know. The successful data breaches are the ones that we never get to know.
The reward that motivates the effort to make a breach is to have access to the gold of today — the data.
Protecting data is a must but it is certainly not a simple task. With huge and always growing amounts of data laying across multiple systems and applications, and more and more strict regulations and interconnected environments, it can look like a very overwhelming work.
A way to attack such a problem is to divide it into pieces and to take one step at a time.
The first thing to do is to decide what in the vast amount of your data needs to be protected against a breach. That is, the data that alone, or in combination with other information, can be dangerous for your business, for your customers or is simply protected by law. This data can be different from one case to another but for the purpose of this text we will call it sensible data.
Now that we know what to protect we need to know where it is. This again can look simple, but it is not. Data are in the databases… in the files you exchange to complete your processes, in the reports you produce for your executives to run the business, in the files you left in the spool, in the copies you made for backup… you name it. Let’s call scanner the process to examine your system to locate your sensible data.
You want to protect against data breaches all of the time, that is for sure, but there are moments that are especially critical. That is, when the data is accessed or when it is in movement, especially if it is going to leave one of your systems. At that moment, you want to know that this is happening so that you have the ability to decide if this should happen or should be stopped. That is a monitor.
And the remaining question is how your data is protected. Every system has its own protection mechanism that decides what can be done to the data and by whom, but… is it active and well-configured? Does your sensible data have the configuration it needs at your security systems? In order to know that, you use a protection check.
Now the challenge is to find the tools and processes that enable you to know what data to protect, where it is, when the data is accessed or know if the data is moved, and check how it is protected.
A clear example of this is the data that lives in the mainframe systems. As core systems of record, mainframe systems hold multiple applications that use data stored in databases and files. That data can also be transferred in and out to participate in different processes. Moreover mainframe applications have been built over long periods of time, decades sometimes, and their data catalogs are complex and can have multiple storage strategies.
If you have one of these mainframes, please consider taking a look at CA Data Content Discovery. You will find a tool that helps you describe and define your sensible data, and scan your system to find it across databases and files of any kind. It will monitor when that data is moved and will tell you how it is protected and who can do what to it, all in a single place — helping protect you and your customers from data breaches.
Mainframes are known for their performance and reliability. With some care and the right tools, it can also be your best ally for data safety.