nuBLOG

Gary Palgon
Vice President, Product Management
nuBridges

CIOs everywhere are being told by the business that they need to share more data, both internally and with business partners.  And then they are being told to secure more data to limit its use to only authorized users. 

Retailers, like many other industries, have been battling this during the past few years as they strive to comply with the PCI Data Security Standard to protect credit card information but the battle is only getting more complex.  Key to many organizations is their customer information, often part of loyalty and/or credit programs which require them to store for future use information considered to be personally identifiable information or PII. 

In a recent article by Walt Conway about what he heard at last week’s National Retail Federation (NRF) conference, he noted “While in New York, I heard a lot of CIOs talk about balancing the pressure to open systems and databases to more internal users with the need to protect the data. This balancing act will get more interesting as the volume of customer data expands.”  This is exactly the dilemma I hear all of the time.

And while that’s from a retail perspective, it’s no different in Healthcare.  Look at the US Health Information Technology for Economic and Clinical Health Act (HITECH) which as part of the American Recovery and Reinvestment Act (ARRA) has a goal to implement electronic medical records (EMR), secure protected health information (PHI) and share patient data security through out the ‘medical supply chain’.  Once again, the theme mirrors that above, share the electronic data but also secure it.

There are no silver bullet answers here, but it is important to take a strategic look at how PCI, PII and PHI is created, used, shared, archived and destroyed in order to properly ensure it is only used by authorized individuals, secure at all times and destroyed when it is no longer needed. 

What are the challenges related to locking down data and sharing more data in your organization?

Until next time,

Gary

PS...Later this week, nuBridges is releasing a new White Paper, "The Power of Integrated Protection."    This White Paper explores the emerging issues that are driving enterprises to seek an enterprise-class encryption, tokenization, key management and compliance solution to protect sensitive PCI, PII and PHI data.   I am offering early access to my loyal blog readers.  Click here to download the new White Paper, "The Power of Integrated Protection."