Verizon Boosts IT Data Security
The Verizon Business Data Discovery, Identification and Security Classification (DDISC) addresses a specific problem Verizon identified earlier this year in its annual Data Breach Investigations Report, says Omar Khawaja, product manager with Verizon Business.
That report showed that many businesses don’t know where all their data resides or even that some data exists, and that this unknown data is much more vulnerable to being breached. About two-thirds of all data involved in breaches was not known to exist on the systems hosting that data, according to the report.
”For a large business, it is very difficult and complex to keep track of data,” Khawaja observes. “A few years ago, data was stored in databases, and an administrator kept track of it. Today 80 percent of data is unstructured data -- it may be on my laptop, on my BlackBerry, my iPhone, or my home computer. Companies are sharing a lot more information with partners, and it’s harder to keep track. With the advent of Web services and Web 2.0, data is everywhere.”
The DDISC consulting services provide experts to discover where data is being stored, and to identify that data and classify it, based on how sensitive it is and on company policies. Verizon can then help businesses determine necessary changes to how data is being handled and secured.
DDISC represents a more data-centric view of security, Khawaja says, one that takes into account what the data represents and how it is used in determining how to secure it.
”We want to go from treating data as data to treating data as information. The minute you know a nine-digit number is a phone number, then it’s not just data, it’s information, which has some inherent utility, inherent usability associated with it. The next leap is from information to asset, where the data has not just utility but actual value. You go from understanding the location of the data to understanding what the data is to putting it in the context of your business environment and associating some level of value or priority.”
Verizon Business has been offering this kind of service on a custom basis, but has now created a more uniform offering available in North America, Europe, and Asia/Pacfiic.
The consultants involved have a general plan going in, Khawaja notes, but then delve into specific business priorities and practices on site before conducting a technical discovery scan that locates data. The Verizon experts then help a company decided which data needs what kind of protection. Some of those decisions are based on regulatory compliance with laws such as the Payment Card Industry Data Security Standard (PCI), Health Insurance Portability and Accountability Act (HIPAA), and Gramm Leach Bliley Act (GLBA).
Since its acquisition of CyberTrust, Verizon has been rolling out managed security services and steadily enhancing its offerings. Most recently, Verizon announced a security service focused on applications. (See Verizon's New Security Offer Covers Your Apps.) — Carol Wilson, Chief Editor, Events, Light Reading