Corporate IT council to look at governance to help safeguard data

Todd Weiss   Today’s Top Stories    or  Other Business Intelligence Stories  

Driving BI Value with Data Integration: Overcoming the Thorniest Challenges Survey: Business Intelligence Maturity and the Quest for Better Performance BI @ The Speed of Business Computerworld Custom Publishing: Bright City Lights Sign up to receive Security Resource Alerts

July 01, 2005 (Computerworld) -- Looking beyond traditional IT network security, a new Data Governance Council has been created by IBM and several dozen companies and IT organizations to help corporate technology users look into better protecting their data against hacker attacks and other breaches.
In an announcement yesterday, IBM said the council will work to create a blueprint for the governance and protection of personal and organizational data within companies.
"When they look at security or the governance around their businesses, [most companies] haven't taken a data-centric approach to it," said Stuart McIrvin, director of corporate client security strategy for IBM. Instead, they usually look at security and policy issues without keeping the importance of their data as a central theme, he said.
The idea of data governance looks at how companies permit and govern appropriate access to their critical data by measuring operational risk and mitigating security exposures associated with access to data, according to the council. The group will look to redefine the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of policy in IT infrastructure, content and organizational behavior.
The idea for the council grew out of discussions and informal quarterly meetings IBM has had with customers and business technology partners for almost a year, McIrvin said. "We're talking with real customers who have these problems," he said. The group's mandate is to "dig deep into issues around companies managing their data," he said. Yesterday's announcement formalizes the creation of the group and its continuing operations.
For IBM and its business partners, the input from customers will help tailor new and existing security software features and products that can help customers respond to the problems, he said.
"We're starting to look at some of the tools IBM has and how we can modify them to meet customer needs," McIrvin said. Some customer members of the council have volunteered to run pilot projects to test new data governance and security technologies, he said. "That's the ideal environment," as opposed to testing in a software lab. "With a real customer using it, it makes seeing its operation easier."
Robert Garigue, chief information security officer of Bank of Montreal, a council member, said a new approach is needed to help companies oversee access to customer data.
"I think data governance information management is an idea whose time has come," Garigue said. Security issues in IT have long focused on defending corporate network perimeters, he said, but that is changing because the data itself has to be protected with access controls and management.
"Managing the content is difficult. It's not just incremental," Garigue said.
"We need to evolve frameworks to build the security around the content and not just around the pipes," he said. "Increasingly, companies are seeing alarming rates of data theft. The council's ultimate goal is to transform data governance and compliance from yearly audits to real-time, change-driven, on-demand business processes that continually assess risks, update policies and manage resources across the enterprise."
Among the top governance issues to be explored by the council are security, privacy, compliance and risk challenges that need common solutions and standards, as well as misunderstandings regarding organizational and IT roles and behavior, which can potentially cause data exposures. Other problems include corporate policies and rules that aren't linked to business processes or IT systems, and the lack of common methods for metadata classification and IT integration, according to the group.
Members of the council include ABN Amro Bank NV, American Express Co., Bank of Montreal, Bell Canada International Inc., Corticon Technologies Inc., Danske Bank, Deutsche Bank AG, Fidelis Security Systems, Great American Insurance Co., Huntington Bank, KeyBank, Merrill Lynch & Co., Novartis AG, the Nassau County, N.Y., government, North Carolina State University, Northwestern Mutual Life Insurance Co., Nova Southeastern University, the United Nations Development Program and the World Bank.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Enterprise search continues to lag behind commerical search because companies lack a "findability" strategy, says one researcher...." Read more... "It's IT Blogwatch: in which we all wonder how much we get paid and Glassdoor.com helps us out. Not to..." Read more... Read more Business Intelligence posts or See all Blogs

Google gives away home-cooked Web application security scanner Microsoft trumpets security additions in upcoming IE8 Apple cuts price of high-end SSD MacBook Air by $500 More top stories...

Ultrathin showdown: Apple MacBook Air vs. Lenovo ThinkPad X300 vs. Toshiba Portege R500 Best Places to Work 2008 Storm botnet stages Fourth of July attacks

This old laptop: Revitalizing an aging notebook on the cheap All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how. Bill Gates moves on Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft. Five things you should never tell your boss There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss. Hands-On: Firefox 3 fixes what's broke and keeps what's right With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone See your link here

Speeding the time to intelligence Get this Computerworld report free for a limited time, compliments of SAS. Time To Intelligence -- a concept defining how long it takes to get accurate and timely information into the hands of workers who need it most. Do it slower than your competitors and your company is toast. Do it faster, you scorch them. Business Intelligence is the key to optimizing Time To Intelligence, and success there is a combination of people, policies, and technology. Download this executive briefing  Why SaaS is Vital to Email and Web Security Why SaaS is Vital to Email and Web Security Download this webcast, free, compilments of Webroot Software Go to the webcast  Rapid application development, rapid results Download this special report now! (Source: Intersystems) All too many businesses suffer from IT infrastructures that are a hodge-podge of disconnected databases and applications. What's needed is the ability rapidly develop connected applications under a unified service-oriented architecture. InterSystems Ensemble integration environment and Cache database are effective tools in answering this need, delivering a rapid ROI. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Deploying Virtualized NetWare on Linux Whitepaper Toward More Flexible, Next-Generation Collaboration Solutions Driving Business Success Through Workgroup Choice and Flexibility View more whitepapers

• Google gives away home-cooked Web application security scanner
• Microsoft trumpets security additions in upcoming IE8
• Apple cuts price of high-end SSD MacBook Air by $500
• More top stories 

SAS Business and Analytics Zone No matter where your organization is on the path toward evolving your IT infrastructure, SAS can adapt to your situation to meet your long-term enterprise intelligence needs. We can help you drive intelligence evolution to the next level, while leveraging and extending the value of your existing IT investments. Learn more in the Business and Analytics Zone See All Zones

Intercept Spam & Viruses With MessageLabs MessageLabs is offering a complimentary 30 day trial of its managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all know and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk. Register for a complimentary trial and receive a free datasheet. Download this white paper now!

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie