Data Protection Strategies

January 28 has been designated globally as the Data Protection/Privacy Day. On this day, we are reminded of the importance of protecting data in any form, especially electronic data. Much emphasis is placed on data at rest and data in transit. This is understandable, especially judging from the fact that most data breaches have been connected with data housed in databases or shared drives. On the other hand, data in motion has often been associated with data exfiltration, unintentional transmission of data to the wrong recipient, data leakage, etc. Whether at rest or in motion, protecting data is crucial to any organization.

There is an abundance of technologies to protect data, including data loss/leakage prevention solutions, encryption, tokenization, access controls and passwords, just to mention a few. Despite these technologies, we are shocked, almost weekly (to be modest) of the news of yet another significant data breach. The inclusion of password as a data leak prevention strategy might draw cynicism from those who believe that passwords are not enough to prevent data loss or exposure. This is also the position of Microsoft with its push for the eradication of password as a means of securing accounts. However, the recent exposure of 250 million records of Microsoft’s customers is a reminder that any security strategy applied to protect data is better than none. In this unfortunate incident, servers housing these records were left exposed online for 14 years! Securing the servers with passwords would have saved the tech giant the embarrassment it faced…