Data security: more than protecting bits and bytes: companies store and transmit huge volumes of data, including customer and personnel records, intellectual property, trade secrets and other proprietary assets. Securing this information against malicious attacks, accidents or negligence is vital to their operations.

• Author: Barbour, Tracy
• Position: TECHNOLOGY

Data security is growing in importance, as more people use mobile devices to access corporate networks and organizations strive to meet government and industry standards for protecting their customers' information.

Digital data amounts to more than bits and bytes. It represents the lifeblood of organizations, says Bill Ketrenos, vice president of information security and enterprise networking for Structured Communication Systems, which has offices in Alaska, Washington, Oregon, Idaho, Illinois, Nevada and California.

[ILLUSTRATION OMITTED]

Companies store and transmit huge volumes of data, including customer and personnel records, intellectual property, trade secrets and other proprietary assets. Securing this information against malicious attacks, accidents or negligence is vital to their operations. "Every aspect of the business is touched by technology," Ketrenos says. "It's not just their back-end systems; it's also the way they're communicating and touching their customers."

APPROACHES TO SECURING DATA

Data security is a broad concept that involves the protection of sensitive information against loss, corruption or unauthorized access. For Ketrenos, it centers on three fundamental tenets: availability, integrity and confidentiality.

The availability of data is essential because, as Ketrenos puts it: "If you can't get to it, what good is it."

Confidentiality is especially important when intellectual property or other private information is concerned. Integrity addresses the accuracy or validity of the data. In banking, for example, it's crucial for customers to have access to current and up-to-date data.

"They have to be able to validate their account information," Ketrenos says. "They have to know that what their account says is what they actually have."

Todd Clark, CEO of Anchorage-based DenaliTEK, thinks of data security in terms of data loss, productivity loss and the disclosure of sensitive information--not necessarily in that order. He outlines three levels of security for companies. First, there's a best-practices approach. This involves having adequate perimeter protection (such as a firewall), adequate backups, antivirus and periodic reviews by experts to assess typical vulnerabilities.

The next level, Clark says, is to have a security plan developed by an IT firm that has taken a specific look at the details of your business. At the highest level, large companies can develop a complete security policy--which can cost tens of thousands of dollars.

"We meet with the president and CFO and ask questions about the sensitivity of their data and potential threats," Clark says, describing his company's approach. "Typically, the higher the security the less convenient and more costly it will be for the end user."

Clark says large companies tend to take data security more seriously, and they have more resources to address the issues, people running smaller businesses--without any trade secrets or legal...