Data Protection Day serves as a reminder of one of the most important responsibilities for any organisation: keeping sensitive data secure.
In today’s digital economy, consumers are becoming increasingly aware of and concerned with how their personal information is being used, collected or shared. A recent McKinsey study found the majority (71 per cent) of respondents claimed they would stop doing business with a company if it gave away sensitive data without permission. Consequently, as consumers become more careful about data sharing, companies are learning that effective data protection makes for a good business advantage.
This Data Protection Day, teiss spoke with eight industry experts to understand what organisations can do to keep data security at the top of the business agenda.
Data protection starts with effective visibility
“Data is the lifeblood of most modern companies and the long-term negative impact on those who suffer breaches demonstrates just how serious the issue of data loss has become today,” explains Tim Bandos, CISO, VP Managed Security Services at Digital Guardian.
“And for those of us who are now working from home, the threat level posed by the blurred lines of using personal devices to respond to work emails, or using our work laptop to buy something online, has increased exponentially.
“With such a high volume of data flowing in and out of businesses every day, effective data protection strategies must embrace the following: 1) visibility to all data, all the time; 2) analytics to understand and manage risk; 3) controls to enforce data protection policies and 4) a consolidated view into all threats targeting sensitive data.
Anurag Kahol, CTO and co-founder at Bitglass, agrees: “First, organisations must have an accurate inventory of data. This step is critical for adhering to data privacy regulations including GDPR and CCPA, because if companies don’t know the information they have or where it is going, then they cannot properly protect it. What’s needed is a set of comprehensive activity logs that track all file, user, app, and web activity to reveal everything that is happening with consumers’ data.
Simon Spring, Senior Account Director, EMEA at WhereScape, says the key is data automation. “Knowing where your data sits, how it’s being used and who has access to it is fundamental in strengthening your defenses when it comes to protecting one of your most valuable assets.”
“But where do you start? It has proved a challenge for many security teams, particularly in organisations where manually processing huge amounts of information effectively can be time-intensive, and error-prone. This is why organisations should not overlook the potential of Data Automation as a way of delivering significant value. When it comes to regulatory compliance, it can knock months or even years off your project time and reduce the risk of your organisation being in breach.”
Up in the cloud
One area that is creating confusion over data protection is the cloud. “It’s not so much the cloud itself, but rather the responsibility of protecting data that resides in the cloud,” explains Jakub Lewandowski, Global Data Governance Officer at Commvault. “Many organisations assume that putting data in the cloud means that the provider is responsible for protecting it, but this is rarely the case. Most write into the small print that users are responsible for arranging their own protection. Though an increasing number of businesses are getting onboard with managing this, increased regulations may be on the horizon that would more clearly define the responsibility that the cloud providers should hold.
“In the meantime, the onus is on businesses to become familiar with new data regulations as they are introduced – understand who is affected, what is required, whether your business currently meets this standard or if changes have to be made.”
Data protection goes remote
Martin Taylor, Deputy CEO and co-founder at Content Guru explains how widespread remote working has initiated a massive acceleration in technology adoption and innovation, particularly with the use of video, which has presented new challenges around data protection.
“In a recent report, research firm MarketsandMarkets estimates that the enterprise video market will grow from $16.4bn in 2020 to $25.6bn by 2025, but points to limited interoperability of different enterprise video solutions as a key challenge facing organisations.
“Technical complexity requires an effective technology-led response and organisations must apply this mantra to their compliance and data protection obligations. The answer may be unified solutions, which provide a platform to take advantage of these best-of-breed video technologies and offer resources such as search-and-replay, e-discovery and end-to-end trade reconstruction across a diversified technical ecosystem. Unified solutions may allow firms to develop cost effective, enterprise-wide compliance and data management policies that eliminate the problems associated with old-style disjointed methodologies. Now and for the future, the ability to analyse an entire dataset, as opposed to random manual sampling, is the key to eliminating gaps in reporting.”
Furthermore, according to Cisco’s Benchmark Report 2020, more than half (52%) of organisations are finding it very or extremely difficult to defend mobile devices. “With IT security teams already stretched thin, it’s crucial that organisations prioritise education, training and awareness around the specific security risks related to remote working,” warns Agata Nowakowska, AVP EMEA at Skillsoft.
“Online or virtual-led training is an extremely effective method of training employees who are working remotely and will continue to be a key tool in the new world of work we are now in. Data Protection Day holds more weight now than ever before - learning & development teams should draw on this as they drive awareness within their organisations.”
As we look ahead to getting employees back to the office, Samantha Humphries, senior security strategist at Exabeam encourages organisations to tackle data protection head on. “With organisations considering ‘immunity passports’ to get employees safely back to work, companies are going to have to maintain a delicate balance between protecting the health and privacy of their teams.”
“The path forward back to the office from COVID-19 must include data privacy,” she adds. “Data Protection Day should serve as a reminder that even when things go back to some semblance of 'normal,' it is good to be open and honest with employees on current privacy policies. Regular audits should also be conducted during this time, like when new laws such as the AB685 extension emerge. This will reassure skeptical employees that both their health and digital data are protected, while the organisation is also being safeguarded."
“Now that Brexit has moved on to the next phase of maturity, I believe we should continue to see more clarity and comfort in terms of how data is managed and protected as it enters, or leaves, the UK,” Terry Storrar, MD at Leaseweb UK, concludes.
After all, “it is in nobody’s interest for organisations to be under so much red tape that they find it impossible to trade; in this regard, the upcoming adequacy assessment by the EU in respect of the UK will hopefully mean that change will be minimal and the current best practices that businesses have in place will only need minor tweaks.
"The preparation that most businesses put in to prepare for GDPR will have put them on a much sounder footing to ride out these changes, and with some vigilance and continuation of the data protection measures that have been put in place, good businesses will continue to thrive.”