Professional Documents
Culture Documents
The Importance of Data Security in Oil and Gas Industry Whitepaper Beeline
The Importance of Data Security in Oil and Gas Industry Whitepaper Beeline
The Importance of Data Security in Oil and Gas Industry Whitepaper Beeline
of Workforce Data
Security in the
Oil & Gas Industry
INTRODUCTION 1
CONCLUSIONS 7
In the wake of numerous
data and privacy The number and sophistication of attacks
on U.S. oil and gas companies appears to
breaches, organizations be increasing. Likewise, their potential for
inflicting damage on critical infrastructure
are intensifying their is growing.3 According to a 2013 Council of
efforts to protect their Foreign Relations Energy Brief, cyber threats to
oil and gas production—both cyber espionage
data from cyber-attacks. campaigns and potentially destructive cyber-
attacks, pose an increasingly challenging
And not a moment too problem for the industry and for national
soon. According to security and economic competitiveness. At
the same time, companies are increasingly
Verizon’s 2014 Data Breach dependent on the extent and quality of their
data. “We’re starting to see that any company’s
Investigations Report, competitive advantage is increasingly
1,367 confirmed data determined by the quality of the data they have
and how they’re using that data to make real-
breaches were reported in time decisions.”4
1
Verizon 2014 Data Breach Investigations Report. (2014).
Retrieved from http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf
2
Talbot, P. (2013). Rising cyber threat to oil and gas industry
Retrieved from http://www.offshore-publication.com/index.php/hse-risk-management/1438-cyber-threat-209381
3
Clayton, B. & Segal, A. (2013) Energy Brief: Cyber Threats to Oil and Gas Supplies, Council on Foreign Relations.
Retrieved from http://www.cfr.org/cybersecurity/addressing-cyber-threats-oil-gas-suppliers/p30977
4
Burrus, D. (2013). Competitive Advantage Is Increasingly Determined By Your Data.
Retrieved from http://www.huffingtonpost.com/daniel-burrus/competitive-advantage-is_b_3238658.html
02 The Importance of Workforce Data Security in the Oil & Gas Industry
5
odge, Nathan and Entous, Adam, Oil Firms Hit by Hackers From China, Report Says, Wall Street Journal, February 10, 2011.
H
6
Ellsberg, D. (2013). Edward Snowden: saving us from the United Stasi of America.
Retrieved from http://www.theguardian.com/commentisfree/2013/jun/10/edward-snowden-united-stasi-america
7
Isikoff, M. (2014). DOJ accuses firm that vetted Snowden of faking 665,000 background checks.
Retrieved from http://investigations.nbcnews.com/_news/2014/01/23/22401812-doj-accuses-firm-that-vetted-snowden-of-faking-665000-background-checks
8
The Heartbleed Bug. (2014). Retrieved from http://heartbleed.com/
03 The Importance of Workforce Data Security in the Oil & Gas Industry
THE BUSINESS PROBLEM Here are some of the challenges faced by most
organizations today:
Data is a two-sided coin. It creates business value, —T
oday there is more data, in more places, than
but it also represents a significant potential liability, ever before.
making the proper handling of data absolutely critical.
— Instead of individual hackers driven by curiosity or
As organizations increasingly turn to non-employee
mischief, data breaches are increasing caused by
resources—consultants, contractors, and outsourced
criminal enterprises seeking financial gain, or by
service workers—to support their businesses, it is just
terrorist organizations seeking to create chaos and
as important to know who has access to your data as
panic.
who has access to your physical facilities. A Vendor
Management System (VMS) can provide that visibility. — It has become increasingly difficult to track data
And it can ensure that these same non-employees’ access within organizations, opening the door for
access to your data ends as soon as they complete their abuse by insiders.
assignments. At the same time, the right VMS will keep —M
ore government regulations emerge every year
all the data required to manage your non-employee detailing how organizations should monitor and
workforce secure, including vital personal identity, manage sensitive data.
financial, and vendor records.
HOW HAVE ORGANIZATIONS TRIED TO SOLVE
Data security is all about minimizing risk and liability THIS PROBLEM IN THE PAST?
in a cost-effective way. Due to globalization and
technological progress, organizations collect, access, Historically, organizations that wanted to protect their
and use data in ways that constantly evolve and change. data have gone about it in four basic ways.
Failing to safeguard that data can lead to the leaking of 1. Ignore the problem and hope that it goes away/
sensitive information, which can place your organization resolves itself.
at risk of very costly legal action. That does not take
2. Rely on vendors, contractors, and other
into account the effect a leak would have on your
third parties.
brand’s reputation. As the regulatory burden of data
security increases, the resource commitment required to 3. Focus on the technical aspects of data security and
stay secure and compliant will escalate. All companies depend 100% on IT to take care of any problems.
need to take this issue seriously, regardless of their 4. Cede responsibility for security to cloud providers
size and geographic location. This is especially true of and employees.
companies in the strategically important and highly
Unfortunately, all of these methods have their respective
regulated energy sector.
shortcomings and still leave room for security breaches.
Maximizing the business value of data means keeping In fact, if you want to develop a first-class data
it secure throughout the organization. The increased security strategy, there are a few things you should
focus on risk management and transparency is driving do differently. The first step is implementing proven
the need for consistent, reliable, and secure data. best practices for data security to get results. Smart
organizations are working with partners that make data
security a top priority.
04 The Importance of Workforce Data Security in the Oil & Gas Industry
1. Does the provider have contingency plans in place? 4. How is their technology architected?
How protected is your data? When it comes to Does their Software-as-a-Service (SaaS) solution
protecting your data, what measures does your use single-tenant or multi-tenant architecture? Ask
potential VMS partner take? Inadequate contingency your potential technology partner if they follow the
planning in the case of a disaster—fire, flood, industry-recommended best practice guidelines
theft—results in loss of time, loss of resources, and for high-volume, high-availability systems by using
downtime in the service that the data systems single-tenant architecture, which gives each client a
provide. In fact, according to Price Waterhouse dedicated database and dedicated application server.
Coopers, 90 percent of all companies that experience Single-tenant architecture is inherently more secure
a computer “disaster” with no pre-existing survival than a multi-tenant architecture. For example, with
plan go out of business within 18 months.9 single-tenant architecture, it is not possible to have
one customer’s data shared with another’s due to a
2. Does the organization employ systems that rely on
code or labeling issue.
cloud providers?
You need a VMS partner who knows how to 5. Have they undergone compliance certification?
safeguard your organization from both security Consider choosing a firm certified by an independent
bugs and cloud outages. According to infrastructure service auditor to ensure they have undergone the
generalist Jason Creson, “One of the problems most rigorous assessments and compliance testing.
associated with running many systems in the cloud is 6. Do they have a disaster recovery site located a safe
that when one system goes down, multiple systems distance away from the primary site?
may go down, which requires providers to have a The alternative site for your data center should be
back-up plan in place.”10 far enough away from the primary site to serve its
3. Where is your data center located? purpose. You will want to make sure your data is
Your data center’s physical security should not be an secure in the case of natural disaster, human disaster,
afterthought. An ideal data center location should loss of electricity, pandemic disease, or some other
offer protection from all conceivable hazards. Beeline unforeseen catastrophe. Beeline provides and staffs
has four data centers on two continents. Consider the our own dedicated disaster recovery site, which is
physical security of just two of our data centers: One always ready to assume production activities and is
is located in a renovated WWI underground bunker monitored 24/7.
while another is securely protected on top of a hill. 7. Do they have reference clients you can
speak to about their experience with the
company’s reliability?
You rely on both security and uptime—all the
time—and so do your customers. Ask your potential
technology provider about their success rate for
uptime SLA, and if possible, verify any claims your
potential VMS partner may make by speaking directly
to an actual client about their experience.
9
Krupa, A. (2001). The Oversight of Physical Security and Contingency Planning.
Retrieved from http://www.lib.iup.edu/comscisec/SANSpapers/krupa.htm
10
Creson, J. (2014). Choose a VMS partner who knows how to safeguard your organization from both security bugs and cloud outages.
Retrieved from http://blog.beeline.com/data-security/vms-partners-protect-against-data-security-bugs/
05 The Importance of Workforce Data Security in the Oil & Gas Industry
~B
RUCE JONES, CISO OF EASTMAN
KODAK COMPANY
11
Brenner, B. (2012). CSO Security Standard: The art of vendor management.
Retrieved from http://www.csoonline.com/article/2135304/security-leadership/cso-security-standard--the-art-of-vendor-management.html
06 The Importance of Workforce Data Security in the Oil & Gas Industry
CONCLUSIONS
As you may have noticed, the more technology enables DOWNLOAD BEELINE’S SECURITY
businesses to do more with less, the more important CHECKLIST TO MAKE SURE YOUR
data security becomes. A data breach can cripple your
business and destroy the trust you have worked so
TECHNOLOGY PROVIDER CAN ANSWER
hard to build with your staff, customers, and suppliers. THE MOST IMPORTANT SECURITY
Let’s face it—the challenges for organizations are
QUESTIONS FACING SOURCING,
considerable. Between the many things that can go
wrong, the countless components for securing data, and PROCUREMENT, AND HUMAN
the increase in data breaches, you owe it to yourself to RESOURCE PROFESSIONALS TODAY.
do everything you can to protect your information. It
is clear you need to develop a first-class data security DOWNLOAD NOW
strategy that will help you protect your data and other
http://bit.ly/1hKeedV
business assets. Can you really afford not to ask the
tough questions when it comes to data security?
If you are looking for the right Vendor Management
System (VMS) partner to support your business, safely
and securely, take a closer look at Beeline. We invest
more than any other VMS provider in our state-of-the-
art data centers and premium application architecture.
We host our servers, network, and storage solutions in a
physically hardened data center offering top-of-the-line
redundancy and security across all capabilities.
Learn how Beeline can help you manage the security
components of vendors and non-employee data.
Ensure that a trusted technology partner protects your
company’s confidential information.
08 The Importance of Workforce Data Security in the Oil & Gas Industry
About Beeline
111214