Loewenthal's best practices for securing data internally starts with the development of a management information classification system that designates data in terms of its importance and need for confidentiality. The next step is deciding whether to encrypt confidential, sensitive data and then segment it by placing it in data repositories or on servers that can be walled off from the rest of the company.

This approach to data classification needs to coincide with policies and procedures that safeguard the information, e.g., what kinds of firewalls to deploy, how to test the security system, how to update it, how to limit the effects of any breaches and how to notify customers affected by those breaches.

"You really have to make the effort to get together and meet and set up the proper committees to make sure the stuff goes through proper processes," Loewenthal says. "You have to have the right audit checks and monitoring checks in place. It takes time, and it takes some investment in infrastructure to do it right."

NeoScale Systems Inc.

A small cadre of vendors is offering appliance/server-based encryption and authentication products targeted for companies seeking to enhance their internal protection against unauthorized data access to e-mail and other networks.