Download the white paper "AES Encryption Strategies - For the IT Executive"
In any organization, the CEO has many jobs. At the macro level, a CEO’s job is to instill confidence in his stakeholders, which include customers, investors, employees, suppliers and partners. To accomplish this, a CEO must be able to establish a level of trust with these stakeholders in order to Inspire, Encourage, and Engage the stakeholders in the vision to which the entity is in pursuit of. This trust ultimately is used to create value for the entity through the confidence that the market has in the ability of the CEO and his team to execute.
Every business has inherent risks in its execution and as part of the CEO’s ability to instill confidence that ultimately results in value, he/she must be able to identify and address each of the risks in the business. Therefore, risk mitigation, by nature, becomes a core component of a CEO’s job.
In a pre-internet world, the risk of data loss was limited to a physical breach of the “four walls” of the entity. Security guards, fences, and access control systems were established to keep people away for sensitive information. However, as today’s world has become connected at virtually every level, the protection of data needs to be equally focused on the data itself rather than simply blocking someone from getting at the data.
Most CEO’s are well aware that encryption methodologies were created for their CIO’s to be able to protect data in their networks. However, this is such a new phenomenon that few CEO’s understand the inherent risks to ALL there data and the changes in the regulatory industry that they must comply with in order to maintain the confidence and the resulting value in their entity.
As you’ve already read, the cost of a data breach isn’t just the cost to the owner of the data whose data has been compromised, it’s to the entity entrusted with the protection of the data as well and it comes in the form of fines and the time necessary to recover from the breach. This is measured in $millions per incident in many cases.
A CEO loses confidence when he/she doesn’t adequately ensure that policies are in place to protect ALL data from breach. Here are some examples of data that needs protection:
- Employee records – anything that includes name, address, phone number, e-mail address, SSN number, insurance information etc.
- Customer records – anything that includes name, address, phone number, e-mail address, EIN number, financial information etc.
- Supplier records – same as above
- Health information records
- Credit Card information
- Password information, even if stored separately
- Confidential information about company strategy / plans
- Confidential information about customer strategy / plans
- Confidential information about vendor strategy / plans
Many CEO’s would answer – my data is encrypted, what’s the problem? The problem is that you’ve probably pasted the key to the encryption on the front door and don’t even know it. “Hey hacker, come on in, here’s the key, take what you want”.
Now lets look at the cost. If you were to have a data breach, the cost may be different depending on what’s been lost. However, that’s a dangerous game to play. The data that isn’t “regulated” may have the greatest impact on your value.
If someone steals confidential customer information, what is the affect on your brand? Can you recover from the market impact of being labeled as not having the safeguards in place to protect your customer data? DropBox is dealing with this question as you read this. They blamed their customers. Who are you going to blame?
The only viable solution to this risk is to ensure that you have an adequate “encryption key management” solution in place that meets ALL requirements of safe data protection methods. You must not only protect the data, you must also protect the keys to the data.
The inability to address this issue may just cost you your company.
Download our white paper "AES Encryption Strategies - A White Paper for the IT Executive" to learn more about key issues in data security, how to choose the right data security partner, and how to develope a strategy that insures early successes.