Data security is a major concern for organizations today. Organizations integrate data, by its movement and updation, across process terminals. The sensitive data handled by the organizations include medical records, personal records, credit card data and other highly confidential data, that if breached could have huge consequences. Therefore organizations have in place a security policy, which define role based access, authentication and authorization. Employees on their part require to be sensitized to the security requirements of the organization, by developing an appropriate culture.
Information or data is a key element that drives any business, and on most occasions organizations fail when they the information they have is unreliable or tampered. Information being important for their businesses, the availability and confidentiality of that information is critical to their performance. Businesses often integrate this information through updations and movement of sensitive information which could include personal data, financial data, data on credit cards, addresses, personal records etc. , whose security is very important and would have serious implications if breached. Therefore it is logical that organizations should have in place an information security system while integrating data, which is aptly protected by security policies. The management and security of data are increasingly perceived as areas of concern, as technology become more instrumental to maintaining and managing records and systems.
Security issues with employees are increasingly having its impact on an organization’s data security plans. Employees in the course of their employment, either intentionally or unintentionally could indulge in acts that according to data security experts are risky behavior. Browsing habits, email attachments, spam, backups, unauthorized software, USB drives, social media and mobile devices are among the important criteria associated with information security breach (CCSK Guide, 2011). Having in place an effective data security policy and creating awareness among the employees on the importance of these policies, is important.
Therefore business leaders emphasize on the importance of data security training for all employees. All current employees including, temporary and contract employees require to be trained to protect data integrity, and understand their role in the management of the security system. Employees require to undergo a role based training rather than a one size-fit-all approach which reflects the volume and the sensitivity of the data handled by a particular employee. Such training should also include simulation of real time situations, giving employees an opportunity to reflect on the situation and requiring them to think of an appropriate situation.
One of the ways organizations achieve information security is through role based privileges, which is associating a set of privileges or enabling certain actions for a particular role. For instance a salesperson would have access to tasks and data associated with this role. All users are delegated a custom role at the individual or team level, and a set of privileges are enabled exclusively for that role, thus preventing others who have nothing to do with the information and role, from being able to access it.
Security levels and the privileges associated with it vary across organizations depending on its data security needs and process requirements. The access level of an individual or the privilege level for an individual user depends on the position of the individual in the organizational hierarchy. The Microsoft Dynamics CRM establishes role or need based security levels for its information access, which include global, deep, local and basic access (Microsoft Corporation, 2012). Global access is the widest access and encompasses access to all information relevant to the organization. For instance a senior manager could have global access, and therefore be able to access all data. Global access includes local, deep and basic access. As this access level is associated with holistic organizational information, global access is restricted according to the data security plan of the organization.
A deep access level provides access to records of the business unit and all its subordinate units. Deep access includes basic and local access. This level is normally restricted to unit managers, as it gives access to all information at the business unit level and its subordinate units. Another access level is the local access which provides a user access to a business unit, and includes basic access. This access level provides information across the business unit and is provided to business unit managers who control business units. The basic access is the fundamental access level which permits an individual to records that he or she handles or owns. These include access to objects that are shared with the team, of which the individual is a member. This level is normally associated with sales and service representatives.
Information security is a key driver of organizational performance and sustenance. Organizations adopt various security systems to ensure a secure environment for the data handled by them. Access based on roles is an important and common way of controlling access. Employees require to be sensitized to the needs of data security and abide by the security policies, by creating an appropriate security culture. Data security messages can be incorporated in all communications with the employees. With advancements in technology, information security is increasingly challenged, thereby requiring to be constantly updated. In the days to come, data security would be an increasing priority for organizations given the increasing relevance of data handled.
Reference List
Microsoft Corporation (2012) How role-based security can be used to control access to entities in Microsoft Dynamics CRM. Retrieved from http://msdn.microsoft.com/en-us/library/gg334717.aspx#bkmk_access
Source Media (2012). The Importance of Security to Mitigate Risk. Retrieved from
http://www.information-management.com/news/1019158-1.html
CCSK Guide (2011) Risky behavior: Data security practices in the workplace. Retrieved from
http://ccskguide.org/2011/07/risky-behavior-data-security-practices-in-the-workplace/
