Data Protection Day – known as Data Privacy Day in the US – is an annual event that serves as a reminder to every sized organisation to review their data protection and data privacy posture. To mark the occasion, here is some IT and security advice; first, on managing personal devices.
Mike Schuricht, VP Product Management at Bitglass advises: “In recent years, the use of mobile devices in the workplace has soared as organisations have become more aware of the benefits that flexible working practices can have on productivity, and in turn, on the bottom line. However, those same organisations can be less keen to acknowledge the security risks associated with having so many vulnerable endpoints connecting to the cloud and corporate network.
“For most, the answer lies in a ‘trusted device’ security model where the devices have some basic protections and the organisation has some kind of control. Employees with trusted devices often have access to some of the most secure data in an enterprise. However, all endpoints remain vulnerable to loss, theft, and cyber-attacks that target data rather than the device. The fact of the matter is no matter how locked down a device is, the risk of data leakage can never be eliminated. Device security cannot be the cornerstone of an effective security solution.
“The solution is to focus on the data, rather than device. This approach will help to sidestep the major privacy and logistical issues associated with more invasive, device-based security tools, like Mobile Device Management (MDM) or Mobile Application Management (MAM) and lead to a win-win for organisations and employees.”
Jan van Vliet, VP and GM EMEA at Digital Guardian believes the rate at which businesses are generating data is only going to continue to grow and IT security professionals need to be able to quickly identify which items are the highest priority for protection. He continues, “Not all types of data are as sensitive or vulnerable as others and it’s for this very reason that data discovery and classification techniques are crucial parts of any organisation’s data security strategies. The first step in keeping customer information protected is to understand what value the data has, where it is being used, whether it needs to be encrypted, and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately. It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well protecting intellectual property.”
Garry McCracken, VP Technology at WinMagic continues, arguing that encryption is the foundation of any data security solution. “With a comprehensive encryption and key management solution in place, whether your customer data is stored in the enterprise or in the cloud, if a hacker ever got their hands on that data, it would be unreadable and therefore useless to them.
“Don’t rely solely on the encryption solutions provided by the device manufacturer or operating system. While native encryption toolkits are the best at encrypting their own devices, the operating system can really benefit from the encryption management solutions provided by Independent Software Vendors (ISVs) to manage and unify encryption efforts across the enterprise. Trying to manage too many solutions independently creates more work, and more potential points of failure in your data security plan. This Data Protection Day, help ensure your business is not the latest to experience the negative impact of data loss or theft, and consider implementing these tips.”
Data is fast becoming the new currency of our economy, says Todd Kelly, CSO at Cradlepoint. “How well we manage and protect it – particularly as we embrace digital transformation technology to be more competitive continues to reshape our organisation – is now a central consideration.
“This digitisation of our business results in corporate data becoming more distributed across numerous application platforms in various locations – private data centres, cloud platforms(AWS, Azure,GCP) and mobile devices, stores, offices, clinics.
“The majority of corporate networks, however, are still not fully equipped to manage this change. Most depend on perimeter based security architectures connected by wires. These legacy wired Wide Area Networks (WANs) often limit enterprises from realising the full benefit of their digital transformation initiatives by limiting secure mobile access to the information. Leveraging the benefits of digital transformation can also be challenging when handling data in line with modern regulatory frameworks, such as the General Data Protection Regulation (GDPR).
“Many forward thinking CIOs are taking a more uniform approach to securing their data in transit by using a range of new technologies to transform their WANs, including 4G & 5G LTE, cloud-based management and orchestration, software-defined WAN (SD-WAN) and zero trust IoT network architectures. These technologies enable companies to build self-optimising and self-repairing WANs that can provide the connectivity, agility and availability they need – all while meeting the security standards that are essential for GDPR compliance.”
Enterprise
Stephen Gailey, Solutions Architect at Exabeam believes, “Data privacy was a hot topic in 2018, and that trend is expected to continue in the coming months. Over the next year, I believe we will see the first sign of government control over large internet service companies. Organisations such as Google and Facebook still don’t seem to understand what privacy means. I think we will actually see some form of legislative control being put forward or even break-ups considered.”
Agata Nowakowska, AVP at Skillsoft says: “Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for data protection, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences.
“Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.”
Alan Conboy, CTO at Scale Computing sums up: “Data Privacy Day serves as a significant reminder to the technology industry that securing your data is of utmost importance. As more organisations are moving their workloads to edge and hyper-converged environments, companies are looking to protect and recover these workloads. Backup and disaster recovery used to simply be good business practices. Now, for many industries, they are a big part of regulatory compliance. Data is more valuable than ever before and how data is managed and protected is increasingly being regulated by law. Platforms that include a variety of backup and disaster recovery features including snapshots, replication, failover, fail-back and cloud Disaster Recovery-as-a-Service are key.”
