Data security has been a much hotter issue over the last 12 months, given the number of high-profile data losses that have been reported. When carrying out data migration, you will have access to corporate data that is likely to be sensitive and business critical, which is why security cannot be left to chance.
The consequences of insufficient data security are huge. Get it wrong, and inadvertently allow data to leak or get lost, and there could be significant damage to company reputation, perhaps leading to loss of customers, and even provoking potential legal action.
It is critical in all data migrations that data should be treated with respect. All sensitive information, including common data such as customer information, should have detailed levels of security in place. Before you start any data migration, check exactly what levels are in place, and who is allowed access to the data and when.
Assess the value of the data to the business as well as the costs that could arise from the consequences of a security breach – and make sure that security requirements within the migration reflect this value. The security requirements still have to be cost-effective and not outweigh the risks highlighted in the assessment.
Check your legal obligations. Statutory measures covering data breach and data protection are now in place within many sectors, outlining the areas of security that have be in place, as well as stipulating operating procedures to keep the data secure. You have to adhere to legislative requirements during the data migration, while also taking into account any wider implications.
Don’t leave data security to someone else. Draw up data security plans early on, and embed them in the design of the solution. These security requirements can include:
- Secure data transfer.
- Secure server access.
- Secure data access.
- Increasing the number of permissions required to transfer data.
- Identifying the personnel who have or need the appropriate clearance and vetting within the companies involved in the migration.
- Stipulating the security courses or information sessions that personnel have to attend.
- Vetting and installing the software that will be used for the migration.
For confidential data within larger organisations, this is mandated by security departments, which limit access to servers, and define which servers’ data can be transferred between. However, you should apply the same level of care, no matter what level the migration is operating at.
The most common cause of a security breach during data migration is when a number of parties are involved. They may have the ability to transfer data between parties and between themselves using email or portable storage devices. Portable devices can easily be misplaced, while emails can be intercepted.
Having a robust plan in place will prevent that from happening – and spare the company’s blushes.