The paranoia of Data & Information Security
Data security in any company has come to such a level of paranoia that either it does not happen at all or it is overdone. In most cases it is observed that Data and Information security is coming in the way of employee productivity. Although exact figures or even an intelligent guess is not available on what is the time and money being spent on ensuring data security in organizations, but it is for sure that the complete action is pretty time consuming and certainly affects the productivity.
Lack of security at times can be even more damaging and that is the reason why return on investment for Information security is measured in not what productivity it is bringing but the cost of potential damage in case of its absence.
However, in my experience, the entire exercise of information security must be seen in a different way than what is being done now. Organizations must classify the data available with them and accord the levels of security accordingly. Data classification is something which is one of the essential tenants of information security, but no one in the information security team has any idea on the importance of the various types of data they have to protect. This lack of knowledge or help from business to share this knowledge leads in applying the same security principles across.
The security applied to very high importance data and simple harmless files may be almost the same in absence of this information. Again, this ends up in higher cost and more inconvenience to users.
Information security teams therefore should spend time in categorizing the data and according security treatments accordingly.
There is however no control on internal data thefts which most of the organizations have not been able to enforce effectively. Security teams end up denying a lot of deserving facilities to employees in the name of security. This can be handled effectively by deploying virtual terminals to avoid data thefts from individual machines inside the company. These simple steps would help make security more meaningful and also be helpful for enhancing productivity of employees.