Key Data Security Implementation Questions

  • What data requires protection?
  • What data is unnecessary?
  • What data should be segregated?
  • Who currently has access to sensitive data? Do they really need access?
  • Who will require access to sensitive data in the future?
  • Will a data vault reduce the data footprint?
  • Can the business systems work with encrypted data?
  • Can the business systems work with surrogate (tokenized) data?
  • Will systems require any modi?cation to work with protected data?
  • Will performance be optimal to support business needs?
  • Can a data security framework be built to support the business as a service?
  • Will data tokenization meet business needs?
  • Will introducing tokenization or encryption technology reduce the risk of data exposure? 

Reference
  • Insecure Issue 28 - Successful data security programs encompass processes, people, technology by Abir Thakurta