Defending Sensitive Data

Despite the recession, the global information security market grew 11 percent in 2010, representing more than $6 billion, according to New York-based ABI Research, a market intelligence company specializing in global connectivity and emerging technology. Factors such as improvements in router security, unified threat management and virtual private network technology allowed businesses to replace aging and vulnerable systems.

Going forward, ABI estimates global security sales to reach more than $10 billion by 2016. The growth is a result of trends, such as the push into cloud-based services and the rapid proliferation of smartphones and other Internet-connected mobile devices in the hands of employees, executives and contractors, which all puts sensitive corporate information at risk and provides additional impetus to protect critical data.

IT security trends
While hackers are stealing data using the programming language technique called “SQL injection” (an attack in which malicious code is inserted into strings that are later passed to a SQL server for execution), most companies are still focusing their data security efforts on older threats, such as viruses and worms, and investing in firewalls, according to Rob Rachwald, director of security strategy for Imperva, Redwood Shores, Calif.

“Anti-virus programs and firewalls are designed to stop malicious activity, not data theft,” Rachwald said.

The new world of social media is another sensitive data security area. According to Rachwald, people are not concentrating on the sensitive data that they are posting, enabling data thieves to search social networking sites for company information to steal.

“In addition, every company now has some employees who use their own devices when connecting to the company network, which makes it difficult for the IT department to ensure that no proprietary or sensitive information is being downloaded, accessed or used inappropriately,” he said.

One emerging technology that could help is the virtual desktop, said Dave Asprey, vice president of cloud security for TrendMicro Inc., Cupertino, Calif.

“A virtual desktop enables the user to see and manipulate data on their own laptop or mobile device, with the changes being reflected in the database, but without the data ever leaving the company’s servers or residing on the device,” Asprey said.

The emergence of the cloud dramatically affects data security, according to Richard Donaldson, co-founder and CEO of 6-Connect Inc., Redwood City, Calif.

“New encryption and more secure communications will have to be advanced as a result of outsourcing the data infrastructure,” he said.

Companies also will have to develop encryption for key management policies.

“The analogy is if someone wanted a physical key to open a vault, the company would have to identify the person and ensure he or she had the right to use the key. Encryption key management does the same thing for data in the cloud,” Asprey said.

And because data moves in the cloud through the Internet without the data owner knowing its location, it must be assumed that it can be seen as it moves, unless it is encrypted.

“Vigilance has been increased by the emergence of the cloud, and the need to protect data has expanded to include every byte,” he said.

Opportunities and challenges
With more critical data infrastructure coming online, Donaldson said network security must be the focus.

“The opportunities for electrical contractors are great, as the need to protect the physical infrastructure, such as power, HVAC, backup generators, etc., from intrusion grows,” he said.

According to Rachwald, the growing data center market enables electrical contractors to expand their presence and be the source for power protection, camera systems, perimeter defenses and for identifying inappropriate access and use of data.

“The contractor’s opportunities lie in helping design and installing the necessary physical security devices at the data center,” he said.

Asprey said that other opportunities in the data security market for contractors include upselling extra Ethernet drops for point of sale locations or promoting separate payment networks from the Internet.

“The data and IT [information technology] security market certainly provides contractors with the opportunity to promote physical security around a customer’s data center or retail location, including ID badge and access control systems, biometrics and door locks,” he said.

To be successful, however, contractors need to learn and understand Internet protocol (IP) and IT.

“Contractors need to advance their skills and become conversant in IT, especially network security as it relates to a data center’s critical infrastructure residing online,” Donaldson said.

Asprey advises contractors that want a piece of this market to examine partnering with data security professionals because of the higher level networking protocols involved in data security.

“Contractors can combine their expertise in ensuring a physical security infrastructure with the data security professional’s expertise in making a secure environment for data to create a better and more cost-effective solution to demonstrate to the customer,” he said.

BREMER, a freelance writer based in Solomons, Md., contributes frequently to ELECTRICAL CONTRACTOR. She can be reached at 410.394.6966 and

About the Author

Darlene Bremer

Freelance Writer
Darlene Bremer, a freelance writer based in Solomons, Md., contributed frequently to ELECTRICAL CONTRACTOR until the end of 2015.

Stay Informed Join our Newsletter

Having trouble finding time to sit down with the latest issue of
ELECTRICAL CONTRACTOR? Don't worry, we'll come to you.