In order to understand how to protect our data, we need to identify the types of data that are important to protect. While all data are stored in a secure database, an even higher level of protection is necessary for information like credit card information, social security numbers, personal health information (PHI), and other private data. Many industries have regulations and laws dictating the handling of this data, such as HIPAA/HITECH in the health care industry, which deals with protecting patient information.
The first component is called transport level security. This is pretty straightforward. Since your web browser and/or device talks to a web server, you need to make sure that no one is able to eavesdrop on the conversation. The industry-standard way we implement this is using HTTPS and SSL, which is the same way web sites protect pages where you are entering credit card information.
The second component is “at-rest” security. This is where things get deeper, but it’s most important, because it protects the vital information we mentioned above - credit card info., social security numbers, etc.
While your data is only visible to authorized users, it also becomes what we call “at rest.” At this point, your information could potentially be queried by those who have appropriate access. At-rest security makes sure your information is protected by encrypting that content, therefore individuals with access cannot read the data contained within.
We recommend a full-scale data protection plan in order to identify critical data. In doing so, the security will be able to successfully audit procedures so that a full trail of access can be investigated, and are able to secure all certificate keys, which are all crucial steps in this security approach.
Spud Software has worked in a variety of industries and have helped many organizations with their security protocols. We hear about it in the news every day with security breaches. Hackers are finding new methods to retract vital information. Don’t let this happen to your company. We can help guide you through this process and ensure your data and your client’s data are safe and sound.