Warning: Pay heed to Data Protection Day
By Anurag Kahol, CTO of Bitglass, a Forcepoint company.
Data Protection Day, fast approaching in Europe, serves as a global reminder of one of the most important responsibilities for any organisation: keeping sensitive data secure.
Experience shows that countless organisations around the globe are open to cyber attacks because their data security measures are inadequate.
Consumers are constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk. Consequently, companies must make security a top priority to maintain consumer trust (and remain compliant with regulations).
This past year marked a pivotal change in how companies conduct business, with most being forced to shift rapidly to remote operations due to the global COVID-19 pandemic.
Now that we have begun to see high levels of vaccine distribution, some might think it's only a matter of time before 'normal' in-office work resumes. That is not likely to be the case.
Instead, we will see a permanent blend of remote and in-office work and mobile employees whose workspaces are constantly changing. Organisations must be prepared to continue to operate in this manner while ensuring that data is secure, no matter where or how it is accessed.
Unfortunately, many organisations lack the ability to achieve appropriate security levels. They rely on outdated tools that were designed for predominantly on-premises operations and that lack the granularity needed today.
To address these challenges, a few steps must be taken. First, organisations must have an accurate inventory of data. This step is critical for adhering to data privacy regulations, including GDPR and CCPA, because if companies don't know the information they have or where it is going, they cannot protect it properly.
What is needed is a set of comprehensive activity logs that track all file, user, app, and web activity to reveal everything that is happening with consumers' data.
Next, companies need to protect access to consumer information and the various systems that store it. This can become more challenging for improperly equipped organisations that adopt cloud technologies and other remote work capabilities, as consumer data can potentially be accessed across numerous applications and on various devices.
To address this problem, organisations can require that employees attempting to access consumer data are authenticated via single sign-on (SSO) as well as multi-factor authentication (MFA). This will aid in ensuring that only legitimate, authorised users can handle consumer information.
Finally, organisations need to thoroughly understand data jurisdictions and any security challenges they may present after migrating to the cloud.
With respect to certain data privacy regulations like CCPA, data may be stored or transferred only where the state has jurisdiction or an agreement is in place. Similarly, under GDPR, all personally identifiable information must be secured with policies and processes in place which allow for audit and compliance.
To ensure compliance, organisations should look for security solutions that allow them to encrypt cloud data (wherever it resides) while maintaining local control of encryption keys.
Additionally, solutions that dynamically allow or deny access based on contextual factors like a user's location, device type, or job function are highly useful, as are data loss prevention (DLP) capabilities.
For ease of management and cost-effective, consistent security, organisations should look for a single security platform that integrates all these capabilities into one offering.