Key Data Security Implementation Questions

• What data requires protection?
• What data is unnecessary?
• What data should be segregated?
• Who currently has access to sensitive data? Do they really need access?
• Who will require access to sensitive data in the future?
• Will a data vault reduce the data footprint?
• Can the business systems work with encrypted data?
• Can the business systems work with surrogate (tokenized) data?
• Will systems require any modi?cation to work with protected data?
• Will performance be optimal to support business needs?
• Can a data security framework be built to support the business as a service?
• Will data tokenization meet business needs?
• Will introducing tokenization or encryption technology reduce the risk of data exposure? 

Reference

• Insecure Issue 28 - Successful data security programs encompass processes, people, technology by Abir Thakurta