What Is Data Lifecycle Management?
The Data Lifecycle goes through 5 steps: creation
, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. The multiple part blog, (I am not sure how many parts it will take), will walk through the steps of the data lifecycle and what a company can do to implement a good process for all the data management challenges.
Data lifecycle management (DLM) is a policy and procedure based approach to manage information movement. Data has to be classified and evaluated to properly protect it with the right resources. Ownership is a key factor in managing and maintaining data throughout the lifecycle
The 5 Steps
1.Creation How does data creation get managed?
2.Usage What limitations are on data usage?
3.Storage What controls are in place for storage?
4.Transportation How is data transmitted between company, customers and business partners?
5.Destruction What is the validation and verification process over data destruction?
The Data Management Problem
Weak processes in place to track creation usage, transportation, storage and destruction
Weak ability to monitor and manage a customer record throughout the lifecycle
Inconsistent processes across each phase of data movement
Lack of enforcement capabilities
What should be the goal of data lifecycle management?
Provide practical steps to manage each step of the customer record management process
Provide cost effective solution for risk mitigation
Provide framework for data management
Reduce risk of data loss
Challenges to Customer Data Records Management
Rarely does a company have a centralized process to track controls over data, over management processes around data, over logging and monitoring, and removal
Organizations rely on technology to secure data not processes that drive technology purchases
The 5 steps of data management are not followed by all functional groups in a company
No clear ownership and classification of customer data elements
Did you know
1 in 400 emails contains confidential information
1 in 50 network files contains confidential data
4 out of 5 companies have lost confidential data when a laptop was lost
1 in 2 USB drives contains confidential information
Companies that incur a data breach experience a significant increase in customer turnoveras much as 11%
Over 35 states have enacted security breach notification laws
Can openers were invented 48 years after can
Why does traditional security not work for DLM?
Users have risky behavior. They will always have risk behavior and we rely on mostly technology controls to keep them in a secure box. Solutions aimed at the external threats coming in, not the regulation and governance of internal communications going out. Problems we see are typically:
Unauthorized application use: 70% of IT say the use of unauthorized programs result in as many as half of data loss incidents.
Misuse of corporate computers: 44% of employees share work devices with others without supervision.
Unauthorized access: 39% of IT said they have dealt with an employee accessing unauthorized parts of a companys network or facility.
Remote worker security: 46% of employees transfer files between work and personal computers.
Misuse of passwords: 18% of employees share passwords with co-workers.
The reasons typical technology controls will not work in the full DLM process are:
Products are not geared to protect a full life cycle of a customer records
Most solutions and processes are outward facing, based on perimeter security
Encryption can affect data management
Real-time intrusion detection and remediation is rare
Context and intent of messages was not analyzed properly
Functional areas in organizations create different policies, monitoring requirements, enforcement priorities and reporting
New technologies can avoid security measures
Technologies look at the network, the operating system or the application not the data across all environments
Not mapped properly to regulations
What risks does customer data loss pose for organizations?
If we know that security is not working, what are the risks we face? A very recent example of how this can have a practical affect is with the Massachusetts Privacy Law 201 CMR 17.00. Loss of data can have a great financial impact with this law. Key things we need to consider include:
Penalties: Not complying with regulations can cause civil and financial penalties
Confidence: Loss of customer confidence because of a customer data breach lose customers
Reputation: Damage to reputation will lose customer and damage relationships
Competitive Advantage: Information and customers can move to competitors
Costs: Ponemon Institutes 2008 annual study, average $6.6 million per breach.
Valuation: Decreased stock prices could result
by: Ekta
Will opting for Portfolio management services India help? Hire Dedicated Mysql Specialist For Better Data Management Management Training Centre - Are you Getting The Real Deal The Benefits Of Using The Landesk Management Suite The Effective Methods of Sales Management Training Concepts For Better Management Of Office Spaces Wealth Management in Hungary Companies warm up to project management The Medicinal Marijuana Strain ‘Granddaddy Purple' and Pain Management Debt Relief Management - Save More Money in Debt Repayment With These Financial Strategies Credit Card Debt Management Tips For 2010 - Proven Debt Relief Tactics Cost reduction through Supply Chain management (SCM) & Third Party Logistics (3PL) Living Debt Free - Tips For Better Financial Management