Corporate data can be transported in many ways. An IT Project Manager has several areas to consider when developing technology systems for corporations. In a 2007 report, 1,408 IT decision makers from the United States, United Kingdom, France, Germany and Australia participated in a survey to capture information about corporate data security. While 60% of those surveyed realized that they had data problems, none of them were 100% confident in their ability to track data leaks. Armed with this knowledge, where do your IT project plans incorporate data security planning?
As an IT project manager, if your system or application is integrated with sensitive data of any type, you should be thinking about security. The sensitive data the general public is most commonly aware of is credit or personal information. On the corporate side, other types of sensitive data include sales information, trade secrets and patents.
In February of 2007 it was revealed that a scientist within DuPont stole $400 million worth of trade secrets. A Carnegie Mellon study found that many employees with new job offers often take information from their current company before they leave for their new position. In April of 2007, the Social Security numbers and birth dates of 2.9 million Georgia Medicaid recipients went missing in transit. The TJ Maxx credit card cyber-thief had the encryption key but may not have needed it, since the data was stolen prior to encryption.
In the 2007 study, only six percent of the 1,408 companies surveyed could categorically state that they had not lost any data in the last two years. While many companies are concerned with attacks by hackers, 61% of those surveyed felt that data loss was due to insiders. The survey indicated that 55% of data leaks are intentional. The survey also indicated that 23% of a corporation's data loss is malicious. One area the report overlooked was employee resignations. It is likely that this group is a high-risk source of corporate data leaks.
What this means to organizations is that data security needs to be analyzed in all areas of an organization and not just in the IT department.
For Project Managers …
- Data used by applications or system solutions needs to be classified and managed accordingly.
- Proper controls need to be in place to determine who has access to what data.
- Monitors should be in place to track or block access to sensitive data.
- Data flow through email, messaging, FTP or any other web protocols should be monitored.
- Enforce corporate data policies. (If policies do not exist, create them and enforce them. Train the employees on data policies. This may be out of scope for the PM, but it can be offered as a suggestion to the corporation.)
This is just a short list of security concerns for the IT Project Manager.
The information presented here is based on a report I created in August of 2007. Even though this is based on a two-year-old academic report, it is still relevant for today’s IT Project Manager.