The Myth of Information Security:
Everything Needs to be Protected
by Kevin McLaughlin, UC Director of Information Security
When you think about the total amount of data that goes across our university on a daily basis, protecting all of it seems a daunting, if not impossible, task. It is hard to wrap one's mind around how much a gigabyte of data is, let alone trying to conceptually understand what a terabyte of data is. Does it seem that current regulatory requirements and Information Security professionals are saying that all this data needs to be protected? Not true... that is a myth generated to scare the masses. For most of our departments or colleges the reality is that only five to ten percent of the data that transverses their infrastructure, or sits within electronic and physical filing cabinets, is sensitive enough to need protection.
How do we differentiate between data that needs to be protected and data that does not need protected? One answer is for us to embrace a campus wide data classification scheme that allows the owner of the data to decide which of their data should be treated as:
Highly Restricted
Sensitive
Public
Once data owners classify their data they can then make smart choices about which data to protect and which data not to protect. This also allows the site data owners to save money by purchasing tools or establishing business processes that protect the five to ten percent of data that requires extra protection vs. trying to protect 100% of the data flowing through their work areas.
We do not need to choose between protecting a small percentage of our data or maintaining our IT independence or freedoms. Rather, by focusing on the small amount of data that truly needs to be protected, we can lessen the complexity and obtrusiveness of data protection and regulatory compliance while reducing the cost of people, time and dollars.
We are the custodians of data that we are legally required to protect and secure. To do this will require small sacrifices on our part, like having to wear a seat belt when driving a car in Ohio, but if we focus our attention and tightened security on the small percentage of data that needs to be protected we might actually find out that we can have our security and our freedoms too.
|
