Seven Data and Information Security Mistakes

Source: Click Here

In an IT organization security is the top priority and every organization is working towards building a 100% secure network.99.9999% still means the organization is not secure.This article talks about the common security mistakes seen in an organization.It is usually the common traps that can be easily avoided.

1. Securing Only Networks:It is also important to secure the endpoints.
2. Not aligning Security with Business Goals:Seccurity projects are just addressed as one among a workflow but not considered to be a revenue generating project so overlooked most of the times.
3. Not changing passwords often : or Tracking Access:Passwords need to be changed especially when there is any change in the organization like when an employee leaves the company.
4. Not knowing where the Data is:It is essential to know the data location to know what kind of threats can harm it.Also to know the security efforts put in.
5. Not vetting encryption used by vendors:The U.S. Government requires FIP-140-2 encryption for data and validated.The government considers data encrypted by this method as plain text which can pose unnecessary risks.
6. Neglecting Data Governance:Everyone needs to know who can access what data.Policies should be reviewed and followed on how to control the data.Also evaluate the entire process.
7. Not Disclosing Data Breaches:It is very important to let everyone involved with the organization to know about such breaches.It enables everyone to be more cautious and work together to protect 

I think the main aspect of making sure to disable accounts from previous employees and make sure the applications passwords need to be changed.The company I worked previously never changed passwords and always wondered how this could not be a addressed in anyway.But once it got acquired to a bigger company they had password policies but still employees never got the concept of security is my feel.

Data Virtualization

Source: Click Here

This article highlights the basics of data virtualization to somehow who wants to know about it and also mentions about the capabilities.Data virtualization is the process of handling data without diving into the technical aspects of it.The technical aspects of data include the location,storage structure,technology involved.It is used to describe any approach to data management that allows applications to retrieve and manipulate data.

Data Virtualization Illustrated to help visualize the actual process:

                         

Data virtualization uses the concept of data abstraction which is the process of reduction of characteristics to make it a simplified representation of the whole system.This methodology helps in helping make decisions faster,improves operational efficiency,quality,increases revenue and lowers cost.

Data Virtualization enables the technology with the following capabilities:

1. Abstraction
2. Virtualized Data Access
3. Transformation/Integration
4. Data Federation
5. Flexible Data Delivery

Data virtualization also addresses requirements for data security,data quality,governance and optimization.I have worked on data from a technical support side and have seen the usage of data virtualization.We have applications like an administrative front end which enables us or the users to look at their managed data and make changes by simply clicking,modifying and importing data for updates similar to ETL functions.The back end is where data virtualization gets into effect by the developers handling the database design aspects.This is very helpful to customers and other people who want to have front end access but also be able to control data to some extent.I see this technology to be widely used in various forms across different organizations.

Reference:

• http://www.ebizq.net/blogs/guest_session/2009/12/putting-data-to-work-for-cloud-bpm-mdm-and-soa-projects.php
• http://whatis.techtarget.com/definition/data-abstraction

Enterprise Resource Planning (ERP)

Source: Click Here

This article brings out the simple features of Enterprise Resource Planning( ERP) and how it can be visualized.In a nutshell ERP software tries to integrate all different departments and functions of an organization into a single computer system to serve the various needs of the departments.The purpose of this system being the free flow exchange of information across the various business functions within the organization and connects with outside stakeholders.It seems a herculean task to get all individual units on board on a system.But with the help of an integrated  approach this can be made feasible.
Below one can see the differences between a non-integrated system and an integrated one.


                                    

ERP system is a complex one during the implementation phase but by spending quality time and investment it adds a lot of value to the business.ERP helps in accurate forecasting,integrating leading to effective communication and planning.ERP can be expensive initially but once the system is running can expect to minimize costs and be effective.However one needs to take precautions to make sure ERP is done the right way otherwise might cost a fortune.

Network Infrastrcuture - Out Dated?

Source: Click Here

This article talks about the Network Infrastructure that exists and needs a makeover all together to keep it up and running.The routers and switches that exist are running old versions and also quite insecure.It is interesting to see how the networks have passwords which provide full access to the administrator and whoever has access to the routers and switches.They seem to have the very first versions running which have security flaws and when updated to a version 2 they get to a security level which is still not very secure.Even after updating all the network devices the firmwares seem to not be on the current versions.

The network infrastructure is a very important aspect for an IT organization and one needs to be on their toes to make sure it is updated from time to time.At some cases this might not seem feasible until a project is taken up and worked to make this update-able on a regular basis.This is a repetitive process and regular feeds will help to keep the network infrastructure current and incase of failures there is a plan in place.Considering to employ support staff and also engage consultants will be worth the money and effort.

I believe Network fails the company fails.If Security fails everything fails.These are inter related and it is the organizations top most priority to keep their Networks intact and work towards building a reliable and secure infrastructure to be able to build upon their business overall.