As high-profile data breaches continue to make news headlines, expectations concerning the security of data continue to rise. Given the trend surrounding new privacy- and cybersecurity-related laws around the world that mandate personal data breach and security incident notification – including the European Union’s General Data Protection Regulation and Network and Information Security Directive, respectively – it’s now critical for organizations, particularly those with global operations, to maintain a level of compliance that combines productivity and data security.
In the United States, businesses have been required to comply with dozens of state-level personal data breach notification laws for quite some time. As these laws continue to expand and evolve, the ever-changing regulatory landscape makes it difficult for organizations to determine which requirements will ultimately apply to them.
In order to avoid awkward conversations about data breaches both within your organization and with your customers, prioritize these three considerations to help ensure that data security is maintained and business integrity is protected.
Put your money where your risk is
Investments in data management should not come at the expense of data security. To protect personal data, you must secure it from exfiltration by cybercriminals. Cybersecurity is an essential expenditure that should complement investments in information management processes and technologies, and is the only way to ensure that your organization’s critical applications and data are protected.
Once a data breach has occurred, it is already too late, even with the best detection and remediation technologies at your disposal. Not only will your organization’s reputation be on the line, you will most likely lose invaluable time and resources investigating the incident and mitigating its impact, meeting compliance mandates, and developing assets such as breach notification reports.
Instead, strong upfront investment in holistic, preventive security technologies will help keep your organization out of the negative news headlines by reducing the risk of a breach occurring in the first place with better data security and protection.
Internet of Things
Though estimates vary, the number of internet-connected devices is projected to reach as high as 50 billion by 2020. One result of this trend will be the generation of vast amounts of data, which companies will need to protect and secure.
Yet even as the world’s digital infrastructure becomes increasingly interconnected, cybersecurity remains a fundamental challenge, and securing the high volume of distributed IoT devices themselves is only one part of the security equation. Because the rise of IoT creates a broadened threat landscape, it requires collaboration to holistically prevent attacks at every potentially vulnerable layer – on the endpoint, but also at the network and the application layers that interact with the IoT devices.
Organizations must build advanced integrated security into the entire fabric of their networks to prevent successful cyberattacks and protect our way of life in the digital age.
Cloud and ‘Software as a Service’ security
As organizations expand their IT architecture from traditional networks and data centers to cloud deployments, and as they increasingly adopt SaaS applications to facilitate business productivity, more and more personal data is inevitably stored and accessed online. New risks are introduced and, as a result, new security processes are needed to help protect data in the cloud and meet privacy compliance mandates. Traditional detect-and-respond approaches, cloud-only security capabilities, and siloed point products lack threat context from the network edge or at the user interface, rendering them ineffective.
An integrated, automated approach across an organization’s entire architecture, from the network and data center to the cloud, is required to confidently and safely enable cloud deployments of any kind, and prevent data loss and cyber breaches at every stage of the attack lifecycle.
Danielle Kriz is the senior director of global policy at Palo Alto Networks.
The views expressed by contributors are their own and are not the views of The Hill.