It’s time for organizations to realize that IT can barricade and protect data with firewalls, plug-ins and honeypots until everyone in IT is blue in the face – but if a skilled hacker wants in; they will get in. However, that should not discourage IT from taking action and, for IT Asset Management (ITAM), there are proactive and reactive steps that an IT Asset Manager can take to help prevent many data breach attempts and mitigate the damage of those that are successful.
The proactive steps are the most well-known and consist of organizations putting security protocols in place to prevent unauthorized access. Ignoring security protocols is like leaving the keys of the car on the driver’s seat of an unlocked car. The specialists primarily responsible for this effort are the IT security department of your organization, but they cannot work alone. IT security requires multidisciplinary support including ITAM. IT Asset Managers should work closely with IT security on data protection, guiding them on what data protection points are priorities and also consulting them about data protection policies when applied to ITAM processes. IT Asset Managers have a unique, broad view of the organization’s environment without common limitations such as financial status (capitalized or not), location (in a data center or not) or point in the asset’s lifecycle. The scope of ITAM offers unique knowledge, from awareness of critical data locations to assistance with maximizing budget efficiency.
The data security reactive steps focus on damage control, risk mitigation and data integrity. The reactive approach should not be viewed as a byproduct of an unprepared program but as a necessary transition of thought processes if/when a breach should occur. These essential plans minimize organizational response time and limit the time an organization is vulnerable.
The first task is to form an incident response team that includes members from executive management, IT, HR, public relations, legal and operations. The IT Asset Manager may be a member of the team or serve as a resource to the team. The potential for ITAM to contribute is best understood by discussing what is required for this team and how well it fits with ITAM responsibilities:
- The roles and responsibilities for this team have to be clear to be effective, especially since the organization is relying not only on their specific area knowledge but also on their understanding the “big picture” for the organization.
- Communication procedures need to be established including training and practice. During a breach, this task includes communicating to employees outside of the response team that a breach has occurred and what the plan of action is. Preparing and training in this manner will ensure that the incident response team is ready to act if a data breach occurs.
- The incident response team needs to test to ensure that the procedures shut down open data breaches, identify lost data, notify the correct people, track where the data has gone, assess the risk the lost data represents to the organization and handle any public relation issues that might arise. Because of the importance to the organization, simulating a data breach is recommended followed by executing an internal audit of the team’s response to the breach and identifying strengths and weaknesses. (Victory is won by those who have prepared to be victors.)
Data breaches have become inevitable. However, an organization’s response to the breach is the differentiator that protects organizational data. It is not simply a case of finding the holes and shutting them down. Reducing the risk from data loss, data theft, malware, Trojans, etc. requires an internal, coordinated response that includes policies, processes and documentation. Protecting the organization’s data takes the contributions of many, including the IT Asset Manager.
“What to do When a Data Breach Occurs” CIO Insight, August 20, 2014, http://www.cioinsight.com/security/what-to-do-when-a-data-breach-occurs.html/