Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Keeping up: The Enterprise Strategy Group, a consulting firm, asked 308 IT professionals in large companies what factors motivated their decisions to improve data security. Regulatory compliance topped the list

Last month, Sony revealed the price tag associated with cleaning up the massive security breach that exposed personal information of more than 100 million users of its PlayStation Network and Qriocity streaming-media services: at least $171 million. It was the largest such breach any company had ever experienced, according to Sony’s chairman, Sir Howard Stringer, and the staggering sum will cover security improvements, customer compensation, and investigative services. But the full toll will be harder to measure, because it will include the loss of customer confidence in the company.

The episode was a reminder of the stakes involved in data security—and an indicator that many organizations are not protecting themselves well enough. “When it comes to all of these security problems, companies aren’t spending up front but have to spend a lot of money on the back end to fix things,” says Thomas Ristenpart, a computer security researcher at the University of Wisconsin, Madison.

This month, Business Impact focuses on securing data against theft and loss. We will explore the security tactics that companies ought to be using, the investments they ought to be making, and the questions they ought to be asking. We’ll examine smart practices for mobile devices, remote workers, and cloud computing, and we’ll get insights from top thinkers in the field.

Threats to the security of information are multiplying in part because the world’s storehouses of data are rapidly growing as the cost of storage plummets and the availability of computers and network access expands. As this mother lode of data grows, so does its attractiveness to criminals and hackers.

To protect themselves, businesses can impose access controls on confidential data, encrypt this data and appropriately manage encryption keys, audit user activities, and bring on consultants to make sure security practices are up to date. And since the weak link in the security chain is often people, one of the most important things businesses can do is simply to train employees on basic data security practices. This month’s package of stories will argue that information security isn’t just a matter for the IT department to worry about. It has to register throughout a company, starting at the highest levels, where decisions about capital investments are made.

2 comments. Share your thoughts »

Credits: Credit: ESG Research Report, Protecting Confidential Data Revisited, April 2009 , ESG Research Report, Protecting Confidential Data Revisited, April 2009

Tagged: Business

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me