Both GLBA and HIPAA require written information-security policies, and an individual or a group must be designated as responsible for their creation and implementation throughout the enterprise. Sarbox dictates that the corporate management team assess and maintain controls over financial reporting systems. At the very least, spell out what data is stored where, who has access to it and when. For small organizations, this might be easy. For large, complex enterprises, you may need a policy-management package, such as BindView's bv-Control or ConfigureSoft's Enterprise Configuration Manager. These tools not only help you develop policies to comply with the law, but also help enforce policies for system-access controls, computer configurations, patch levels and more (for information on policy tools and best practices, see "Got Discipline?").
Minding the Ps & Qs
Your written policies must cover more than your systems. They also must address your employees.
Although IT uses firewalls and secure remote-access tools to keep bad guys out, the success of any enterprise security plan begins with the employees who implement it. They are the first to handle customer data and should be considered the first line of defense. Know them well. Check references during the hiring process. Require employees to read and understand your institution's privacy and security policies, and train them to take basic steps to maintain security (see "Start with Staffing").
Next, treat your customer information as a valuable, renewable and reusable asset. Provision rights to handle sensitive information explicitly, and lock down the workstations that access it. In most companies, especially hierarchical organizations such as financial and health-care institutions, employees are not all equal. Their access to information should correspond to their job requirements: grant only what a role needs, and review those rights when roles change.