By Mike Howse, European managing director of data security management solutions provider, Protegrity (protegrity.com)
Information is the currency of database marketing organisations, but an alarming number of businesses do not do enough to protect their critical data. And as data has become a highly valuable commodity on any number of underground markets, an unencrypted database is equivalent to leaving the corporate chequebook in the building's reception area.
Sadly, plenty of businesses and government agencies are apparently doing just that. In a blistering speech in July, Richard Thomas, the Information Commissioner, spotlighted banks and government departments for what he described as "frankly horrifying" breaches of the country's data protection rules.
Thomas' office, the ICO, received nearly 24,000 enquiries and complaints about information privacy issues during financial year 2006/2007, and has prosecuted sixteen individuals and organisations for serious security lapses in the past twelve months, according to the ICO's annual report. According to a report by the Sapa-AFP newswire, Thomas said during an interview on BBC radio: "These (breaches) are inexcusable. None of this is really rocket science. Security is fundamental."
The more valuable data is to your organisation, the more critical it is to protect that data throughout its entire lifecycle. The Ponemon Institute’s “2007 Annual Study: U.K. Enterprise Encryption Trends” shows British businesses believe protecting their brand and reputation is the most significant factor in their decision to deploy encryption technology. The survey also reveals that only 9 percent of UK companies have an enterprise-wide encryption strategy.
While there will always be some enterprises that pay no attention to security until they experience a data breach, for the most part it is otherwise sensible organisations that hesitate to encrypt data. They fear that the process of encrypting (and subsequently decrypting) data will be a significant drain on system resources, will make it difficult for employees to access the information they need to do their work, or both.
Security always requires some compromises, but data-centric businesses needn't fear that a good encryption solution, properly deployed, will cause noticeable overhead on system performance or delays in data access. Modern database encryption solutions scramble information in a database on a column and row basis. Using this method, only the highly sensitive items of information, such as credit card numbers, need to be encrypted; the rest of the data is stored in clear text.
The vast majority of database marketing activities do not require access to the most sensitive consumer data such as bank card numbers, so this method lets business processes continue as normal.
Employees still have access to the data they need to target marketing efforts and ensure that consumers get the messages that are important and appealing to them. Information needed for keyword searches, identifiable criteria for segmentation, and other important data is fully accessible, sortable and searchable. Meanwhile, the information that is most at risk of being stolen or otherwise misused is fully protected.
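The column-level approach described above, sketched in Go as an added example; it is not code from the article or from any vendor's product. The `Row` type, the function names, the `customers.card` label, the all-zero demo key and the card number are constructed assumptions, and binding each ciphertext to its row through the AES-GCM associated data is one way to read "column and row basis".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Row is a constructed sample record; only Card is stored encrypted.
type Row struct {
	ID      int
	Segment string // clear text: searchable and sortable without a key
	Card    []byte // nonce || AES-256-GCM ciphertext and tag
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad names the column and row, so a ciphertext moved to another row fails to open.
func aad(id int) []byte { return []byte(fmt.Sprintf("customers.card:%d", id)) }

// protect leaves Segment clear and seals only the card; reveal undoes it with the key.
func protect(g cipher.AEAD, id int, segment, pan string) (Row, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Row{}, err
	}
	return Row{id, segment, g.Seal(nonce, nonce, []byte(pan), aad(id))}, nil
}

func reveal(g cipher.AEAD, r Row) (string, error) {
	n := g.NonceSize()
	if len(r.Card) < n {
		return "", fmt.Errorf("short ciphertext")
	}
	pan, err := g.Open(nil, r.Card[:n], r.Card[n:], aad(r.ID))
	return string(pan), err
}

func main() {
	g, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key; real keys come from a KMS
	r, _ := protect(g, 1, "gold", "4111111111111111") // constructed test card number
	fmt.Printf("segment=%s card=%x\n", r.Segment, r.Card)
}
```

Segmentation queries read `Segment` directly and never touch the key; only code that calls `reveal` needs it.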
Apart from protecting data from misuse or mistaken alteration or deletion by authorised users, encryption is also the last line of defence if your network is breached by malicious hackers.
When the Newcastle City Council admitted that personal data and payment card details of up to 54,000 local residents were downloaded from an insecure server to an IP address in the Middle East, at least the council could say that there was no indication of any fraud or loss stemming from the breach.
This was because the credit and debit card numbers and other information were encrypted. It's still an ugly situation, but it could have been much worse. Please don't think it's acceptable to encrypt data and ignore other security issues – encryption is but one part of a properly secured system.
The bottom line, though, when it comes to databases, is that properly deployed encryption will be transparent to users: the encryption and decryption processes are handled by software, so there's no need to learn new processes or develop new work habits.
All that will noticeably change is that one of your company's most critical assets is finally as well protected as it deserves to be. Marketing organisations are increasingly the custodians of sensitive data – they must take those custodial responsibilities seriously or suffer the potential consequences.