Data Protection: It's the Data, Stupid
In today's world of mobile workers, teleworkers, thumb drives, BlackBerries and social-networking sites, IT executives can't worry about devices - they need to focus on protecting data wherever it is.
The obvious place to start - considering that an estimated 5,000 laptops are stolen or lost each year - is the laptop hard drive: It needs encryption.
Software vendors and such open source projects as TrueCrypt offer whole disk encryption across all operating systems, and Microsoft offers disk encryption in Vista, so IT executives have no excuse for not encrypting laptop data. In addition, such hardware vendors as Fujitsu, Hitachi and Seagate Technology offer hardware-based disk encryption.
Another trouble spot is e-mail. A variety of e-mail encryption methods are available, but all of them run into the same problem - they require the recipient of the encrypted e-mail to go to a secure server and enter some form of identification before they can gain access to the decrypted e-mail. For most people, this is a nuisance that rises to the level of a deal-breaker.
Another way to approach e-mail security is through data-loss prevention. DLP tools scan outgoing e-mails for such information as Social Security numbers, sensitive keywords or other possible breaches. Then they flag the offending e-mail. Companies dictate how offending e-mails are handled: They can be returned to the sender, bounced to an IT manager or encrypted.
DLP products, however, can be difficult to get right. That's because companies have to hammer out policies for determining which types of data need watching, what happens when an e-mail is flagged, and whether the individual user should be required to decide whether to encrypt specific e-mails or types of e-mails. For example, the CIO might not appreciate it when he sends an e-mail to the CFO and it gets flagged, bounced back or held up.
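The scan-flag-handle flow described above can be sketched as follows. This is an added example, not code from the article or from any DLP product. The keyword list, the mapping of findings to actions, the severity ordering and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Candidate SSNs: 3-2-4 digits with optional dash or space separators.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
KEYWORDS = ("confidential", "merger")  # assumed keyword list
# Assumed policy: finding type -> one of the handling options named in the article.
POLICY = {"ssn": "encrypt", "keyword": "bounce_to_it"}
# Least to most restrictive; the most restrictive matching action wins.
SEVERITY = ["deliver", "encrypt", "return_to_sender", "bounce_to_it"]

# Constructed sample message, not real data.
SAMPLE = (
    "From: hr@example.com\nTo: payroll@example.com\n"
    "Subject: Payroll update\n\n"
    "New hire SSN is 123-45-6789. Ignore order 000-12-3456.\n"
)


def plausible_ssn(area, group, serial):
    """Reject number ranges the SSA never issues, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan(raw_message):
    """Return (action, findings) for one outgoing RFC 5322 message."""
    msg = message_from_string(raw_message)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
    )
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            # Keep only the last four digits so the DLP log is not itself a leak.
            findings.append(("ssn", "***-**-" + m.group(3)))
    lowered = text.lower()
    findings += [("keyword", k) for k in KEYWORDS if k in lowered]
    actions = [POLICY[kind] for kind, _ in findings] or ["deliver"]
    return max(actions, key=SEVERITY.index), findings


if __name__ == "__main__":
    print(scan(SAMPLE))
```

The range check in `plausible_ssn` is what keeps order numbers and ticket IDs from being flagged, which is one small part of the tuning effort the article describes.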
Other potential problem areas - everything from thumb drives to smartphones - abound. Nevertheless, vendors today are offering encrypted USB drives and business phones with encryption features. IT executives need to make data security a requirement every step of the way.
Green IT: A New World View
Can you afford to be green? Can you afford not to? Those are the questions IT executives face as they grapple with the notion of environmentally friendly computing in the midst of a crushing global economic downturn.
For many companies, going green simply means cutting data-center power expenses. By now, the basic principles of doing that are pretty well understood - consolidate servers, set up hot and cold aisles, optimize airflow, raise the ambient temperature a few degrees.
Such changes can save money, but green IT doesn't stop at the data-center door, and companies can't just pass the buck to facilities managers. IT departments can and should undertake a number of green initiatives - which won't break the bank, either.
First, persuade your company to measure its carbon footprint. This seems like an obvious place to start, but you can't address the issue in a logical, analytical manner if you don't have a starting point.
Once you have a sense of that footprint's size, you can set goals for reducing it by an achievable amount - say, 5% or 10% over a certain period of time. There are a number of actions you can take, including these:
-- Power down unused servers or desktops.
-- Use energy efficiency as a purchasing criterion when you replace older equipment, including network gear, servers and UPS.
-- Adopt recycling and reuse programs.
-- Think about alternative sources of energy.
-- Encourage videoconferencing to reduce air travel.
-- Cut back on ground travel.
-- Pressure vendors to demonstrate that they have green strategies.
Finally, don't be fooled by "green-washing." These days, every vendor claims to be green. Be sure to verify those claims.