As IT managers struggle to meet the latest compliance standards, there is one challenge that remains constant: knowing what types of data you have and which subset of that data must be protected, and bringing in the appropriate data protection. This may sound like an easy task, but in reality it can be quite difficult.
Administrators are finding out just how scattered across the enterprise their data is. Increasingly, it is being stored on a growing number of new portable machines, removable devices and desktops that make it hard to determine if you are compliant or not.
For example, take HIPAA compliance. Patient data must be protected and kept confidential yet, many times, X-rays or test results are stored on a CD and sent to another medical practice, sometimes carried by the patient. On the surface, if all the rules are adhered to, meeting compliance standards should not be an issue. But when the data is in transit, compliance officers no longer have control, which potentially poses a serious data protection problem.
While it may be impossible to solve such a data protection problem quickly, it does bring up a key issue: Visibility. Simply put, if administrators aren’t fully aware of this process, how can they ascribe to any meaningful compliance standards?
The answer to that dilemma comes in the form of management tools that offer visibility into IT operations. The problem is there is no one-size-fits-all solution that can offer full visibility. This is where administrators have to become creative.
For example, a combination of PC asset management tools, such as Intel’s LANDesk, Symantec‘s Altiris and Dell‘s Kace, can provide the visibility into what’s transpiring on PCs and other endpoints in the enterprise. These tools can be complimented by network monitoring and management tools, like SolarWinds and Paessler, and others can handle reporting on data in motion to round out visibility.
The last step administrators need to take is integrating these tools. By doing so, administrators have a clear map that shows where data can travel, allowing them to take preventative steps to eliminate the dreaded noncompliance discovery during an audit.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.