Brian Clark, VP-information systems at Omeda, said audience developers should be on guard against both physical and electronic theft. “The most publicized is the electronic breach, typically performed for financial gain by hackers or malicious employees,” Clark said. “The other type of breach is the physical breach, such as the theft of a laptop computer or of a backup tape of a database.”
David Fry, chief technology officer at Fry Communications, said sensitive data must be kept in a place that is safe and isolated from the Internet and from those who do not need to have access. “That means information should be stored in an encrypted format in a database that is protected behind a well-maintained firewall,” he said. “Access to the encryption keys should only be available to those who are required to have access.”
Encryption keys should be regularly changed, Fry advised. Advanced security techniques such as intrusion detection and log analysis should be used to ensure that no intruder has quietly accessed the data.
Firewall, intrusion prevention and denial-of-service prevention technologies that are continually updated are all elements that can help protect files electronically, Clark said.
“Physical breaches are prevented through controlled and monitored access to Omeda's building and our data center,” Clark said. His company makes use of electronic key cards, video monitoring, application and network logons, and an overall building electronic security system that is linked to the nearby police department.
Gene Bishop, VP-technology at ALM, noted that the “elephant in the room” is that getting someone's e-mail address is “the holy grail.” “We play it off like, ‘Well, it's just your e-mail address,’ but it's just as personal these days as your phone number,” he said. He added: “Trust needs to be built and cared for if you want to continue to do business at any level, especially if you want to have it over and over again like a subscription model.”