GUEST ESSAY: Leveraging Best Practices and an Open Standard to Protect Enterprise Data

It’s an oft-noted irony about wealth: the more money you have, the more money you have to care about – managing it, protecting it, nurturing it for future growth.

For businesses, the same is now true for information. Data has become essential to the success of your organization. At the same time – in fact, as a direct result of the central importance of data – more and more adversaries are working harder and finding more nefarious ways to steal or compromise your data. As a single metric, the number of data breaches in the first nine months of 2021 surpassed all of 2020, a new record high.

As the economy becomes more data-driven and cyber threats proliferate, business leaders recognize they need to find a more effective approach to protecting their intellectual property, financial records, employee information, and customer and other sensitive data, while ensuring that their employees’ access to this data is not impeded.

The good news is that there’s a simple way to protect your vital information assets, and it’s within reach of virtually any organization.

Proliferating cyber challenges

More than half of organizations expect cyber incidents to increase in 2022. In response, well over two-thirds say they will spend more on cybersecurity. But the challenges are piling up on several fronts:

• Cloud computing. Half of corporate data is now stored in the cloud. Organizations equip their employees with cloud-based applications like Microsoft 365 and Google Workspace, and run enterprise workloads on cloud platforms like AWS. You need to strike a balance between giving employees and customers easy access to data and protecting that information.

• Regulatory conformity. Changing privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) mean constant headaches for cybersecurity, compliance and risk management teams. At least 10 additional states have passed or are considering data privacy laws. Two-thirds of the world’s population will be protected by privacy regulations by 2023, and 70% of organizations say these regulations complicate cloud migrations and analytics. Additionally, it is not uncommon for regulators to issue multi-million dollar fines to companies that fail to properly protect customer data.

• Outdated cyber solutions. Until now, organizations have relied on firewalls, intrusion detection, and similar techniques to protect their data. Such a layered approach is always wise. But as cybercrime groups and opposing nations invest money, time and effort to crack these defenses, traditional protections are no longer adequate. It’s time to rethink your security stack and your priorities. Security and privacy aren’t just about adding to what you’ve done in the past: they’re about constantly re-evaluating your approach, where nothing is sacred except the data you are responsible for protecting.

Data management best practices

As business leaders, you set the tone and momentum of your organization. For this reason, it is important that data privacy is part of your core values. Meet with your team to determine the impact of trust and reputation on your brand and tie them to a new core value that you can align the business with.

Of course, data protection requires effective cybersecurity solutions. But data management starts with strategy, not technology. Follow these eight best practices to establish a solid foundation for keeping your data secure:

• Engage key stakeholders. Data protection is not just the domain of your CIO. Every business leader and board must recognize the critical nature of data and be prepared to invest time, strategy and budget to protect it – or accept the fact that you could lose it.

• Inventory and map your data. Understand what data you collect, where it is stored, how it is used and with whom it is shared. Create a data map to show its flow across on-premises data centers, private clouds, and public clouds.

• Create a data catalog. Once you know where the data is, how it got there, and its value (and risk) to your organization, take the time to create a catalog so that your investment in these exercises can immediately generate value for those who need the data to do their work.

• Carry out a risk analysis. Some regulations require a proactive approach to identify and mitigate data risks. Either way, risk analysis is the smart thing to do. It underpins organizational accountability and is needed to identify threats and uncover gaps. And remember: the risk of data changes as it moves. Make sure you understand these limits and include them in your calculation.

• Understand data protection standards. Data regulation has legal, financial and reputational implications. Familiarize yourself with standards that affect your industry, such as GDPR, CCPA, SOX, HIPAA, Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Management Act (FISMA), and Children’s Online Privacy Protection Rule (COPPA).

• Assign roles and responsibilities. You probably already have a CIO. You almost certainly need a Chief Information Security Officer (CISO). The GDPR requires a designated Privacy Officer (CPO). Your investment in data-driven leadership should reflect the value of data to your business.

• Create a data protection policy. Data protection is so central to your business that you should think about it the same way you write your mission statement. Start with your core values, then be specific about how you will protect data and privacy.

• Implement data protection procedures. Policy must lead to action. Document data management and processing, data monitoring, auditing mechanisms, breach response and data recovery. Additionally, be sure to reset and communicate expectations to your lower-level managers about the importance of data protection, so they can incorporate these practices into their daily work. Anything less than this will lead to overwork and employee burnout.

• Educate employees. Each employee can either strengthen or weaken data security. Make sure team members understand how to securely create, store, and share data, and make sure they know you view this as an essential organizational pillar, not something to be added on top of their main job. It’s part of everyone’s job.

An open data protection standard

Ultimately, however, you need digital mechanisms to keep sensitive data secure. In light of the realities of cybercrime today, this requires ensuring security at a more fundamental level. Rather than shielding the data center, cloud, network, or your increasingly remote operations, you need to secure the data itself.

The solution is data encryption, which uses mathematical algorithms to scramble data, replacing plaintext with ciphertext. Data can only be decrypted by an authorized entity that holds the encryption key. Even if cybercriminals steal the data, share it or sell it, no one without the key can read it.

The problem is that most encryption methods are not universal. What works for emails doesn’t necessarily work for images; what works for raw data does not necessarily work for PDFs. So, traditionally, different users have needed to use different encryption methods in different contexts, which has increased costs and slowed down operations, collaboration and innovation.

The solution is an innovative open standard, Trusted Data Format (TDF), which enables a single approach to encrypt many types of data. Developed by National Security Agency (NSA) experts, TDF is actively used by the US intelligence community and other government organizations. TDF enables granular access control for files and attachments such as emails, business documents, PDFs, photos, videos, etc.

As TDF is an open standard, it is accessible to everyone. It already underpins encryption solutions for the platforms businesses use every day, including Google Cloud, Google Workspace, Google Drive, Gmail, and Microsoft Outlook. And it’s used by organizations ranging from budget-strapped school systems to thriving retailers, healthcare providers, investment companies, utility companies and more.

Data will continue to grow in importance for your organization. Cybercriminals will always chase the most valuable asset they can access, and for the foreseeable future, the market is hot for your data. You need to protect your organization’s data, be good stewards of your customers’ data, and ensure that collaboration and enrichment activities that use data keep pace with innovation. Fortunately, TDF offers your organization a simple and comprehensive way to protect, share and manage your most sensitive data while respecting its owners.

About the essayist: Rob McDonald is Executive Vice President of Virtru, a global provider of data encryption and digital privacy solutions.

*** This is a syndicated Security Bloggers Network blog from The Last Watchdog written by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-leaving-best-practices-and-an-open-standard-to-protect-corporate-data/
