Corporate IT council to look at governance to help safeguard data

Computerworld - Looking beyond traditional IT network security, a new Data Governance Council has been created by IBM and several dozen companies and IT organizations to help corporate technology users look into better protecting their data against hacker attacks and other breaches.
In an announcement yesterday, IBM said the council will work to create a blueprint for the governance and protection of personal and organizational data within companies.
"When they look at security or the governance around their businesses, [most companies] haven't taken a data-centric approach to it," said Stuart McIrvin, director of corporate client security strategy for IBM. Instead, they usually look at security and policy issues without keeping the importance of their data as a central theme, he said.
The idea of data governance looks at how companies permit and govern appropriate access to their critical data by measuring operational risk and mitigating security exposures associated with access to data, according to the council. The group will look to redefine the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of policy in IT infrastructure, content and organizational behavior.
The idea for the council grew out of discussions and informal quarterly meetings IBM has had with customers and business technology partners for almost a year, McIrvin said. "We're talking with real customers who have these problems," he said. The group's mandate is to "dig deep into issues around companies managing their data," he said. Yesterday's announcement formalizes the creation of the group and its continuing operations.
For IBM and its business partners, the input from customers will help tailor new and existing security software features and products that can help customers respond to the problems, he said.
"We're starting to look at some of the tools IBM has and how we can modify them to meet customer needs," McIrvin said. Some customer members of the council have volunteered to run pilot projects to test new data governance and security technologies, he said. "That's the ideal environment," as opposed to testing in a software lab. "With a real customer using it, it makes seeing its operation easier."
Robert Garigue, chief information security officer of Bank of Montreal, a council member, said a new approach is needed to help companies oversee access to customer data.
"I think data governance information management is an idea whose time has come," Garigue said. Security issues in IT have long focused on defending corporate network perimeters, he said, but that is changing because the data itself has to be