Securing one of our most valued assets on Data Privacy Day

As the world becomes increasingly digitised, we must ensure our data is protected at all costs. Ahead of the annual Data Protection Day, a number of industry experts discuss the importance of protecting data and why organisations should embed this into their core values.

Sean Carpenter, Senior Director, Product Management & Data Privacy at project44 

“Supply chains have become front page news globally over the past two years. However, there is no time to rest, as 2022 brings even more issues, with shippers, carriers and suppliers facing an increased threat of cyberattacks and ransomware. It’s time to make data security a supply chain priority. 

“The first step to protecting supply chain data is to map out how it is being shared, used and stored, in addition to which systems, tools and people are tasked with keeping it secure. Secondly, end-to-end protection of data requires encryption, with system access restricted, logged and audited. Further areas for supply chain experts to consider include getting total visibility, working with trusted suppliers and solutions, focusing on data storage and being proactive.

“Data security is a constant and ever-evolving challenge for businesses and major disruptions invite endless opportunities for breaches. From location sharing and shipment documentation, to IIoT devices and inventory management, organisations connect with exponentially growing data touchpoints every day, that must be secured. It is vital that all data sources are secured, as the supply chain is only ever as strong as its weakest link.”

Dan Davies, CTO at Maintel

“As restrictions ease, a large-scale return to the office may be attractive for many organisations, but a hybrid model of working can continue to be just as safe and successful – if you implement the right security. 

“It’s correct that a hybrid workforce can be difficult to monitor and makes your data more complex to protect, when users only spend a limited amount of time connected to the corporate network. But organisations can combat this through strong data management policies and a software defined, borderless network fabric. This means staff know exactly what is available to them and where it sits within the business alongside extra precautions – such as Multi-Factor Authentication, secure web gateways and Zero Trust systems – which can ensure only those who really need it have access to highly sensitive company data.   

“Alongside these policies, organisations should also leverage only cloud technologies that provide high levels of data security and ubiquitous access. Businesses may also want to invest in automation and AI tools that help staff locate the data they need faster, alongside more traditional endpoint defence tools, such as anti-virus and device posture. 

“Finally, remember that times of disruption are always likely to encourage cybercriminals to seize an opportunity, so remain vigilant. Reinforce messaging and training with your remote workers and make sure everyone is as educated as possible.”

Heather Gantt-Evans, CISO at SailPoint

“Collectively, are we on the right side of history with data privacy? I would argue not yet. We are going to look back at this era as if we were data barbarians. In our increasingly ‘Ready Player One-Esque’ environment, we must set aside time to think about our privacy and how to protect it. 

“We can see the wave of data morality coming from thought leaders and governments forcing hands by enacting regulations, including GDPR and CCPA. For enterprises to meet these rising expectations and comply with new regulatory guidelines, they’ll need to prove that they are investing in privacy. Companies who want to capitalise on this moment should seek to collect as little data as possible, encrypt what data they do have, give customers a path to opt out of data harvesting and give customers the ability to be forgotten (i.e. providing previously collected data back to the customer and then deleting it).

“But most importantly, organisations need to communicate clearly how collected data is used in order to provide value back to the customer. This means clearly articulating how it is protected and the customer’s privacy options.

“This can be particularly challenging for data involved in proprietary Machine Learning, but algorithmic transparency demonstrates that an enterprise is conscientious about data privacy. This includes Disney, who recently agreed to privacy changes for children’s apps, effectively removing tracking software for targeted ads. In addition, companies should seek to embed customer privacy as one of their core values and communicate this value as part of their customer-facing messaging. 

“Let’s usher in a new phrase, ‘the customer is always right secure’.”

Chad McDonald, CIO and CISO at Radiant Logic

“The number of identities linked to businesses has dramatically increased over the past two years, and as organisations begin their Digital Transformation, they need to be able to keep their identity data under control and properly managed. 

“For years now, organisations have suffered from scattered identity data across multiple sources which all use different protocols or are in modern cloud repositories that can’t connect back to legacy, on-premise technology. This inevitably results in an identity sprawl with organisations having overlapping, conflicting, or inaccessible sources of data, making it impossible to build complete and accurate user profiles. 

“This not only causes frustration for employees, who have to remember multiple login credentials for all of the different applications and profiles that they need as part of their day-to-day job, but also poses significant GDPR and security risks.

“The recent news story of the UK Government being fined £500,000 for the New Year honours data breach is an example of the poor processes that happen when governing identity data. Poor identity management will result in data not being fully secured and organisations suffering data breaches. Without accurate user profiles, systems are unable to determine what individuals should and should not be able to access. Siloed systems increase the likelihood of a failure in identity management which increases an organisation’s attack surface. This increases the chances of a successful breach and increases the likelihood that it will remain undetected over time.

“While identity sprawl is causing significant challenges to businesses across the world, it is a problem which many organisations don’t realise they have or, if they do know about it, they have decided to turn a blind eye as they believe there is no solution to sanitise and streamline their identity data. 

“With the number of cyberattacks substantially increasing during the pandemic, organisations must put in measures which can stop identity sprawl by ensuring they have a unified global profile which has all the attributes of a user irrespective of which source it’s located in. Organisations that fail to manage identity data will suffer from further data breaches as threat actors know that data is not secure and easy to get hold of. While this sounds like a complicated problem to solve, it can be easily done thanks to Identity Data Fabric. 

“The concept of Identity Data Fabric is to unify distributed identity data from all sources in an organisation and create a resource that delivers identity data on-demand wherever and whenever needed. Applications are then able to access identity data using different formats and protocols, irrespective if it’s on-premise or in the cloud. 

“Not only does the Identity Data Fabric approach ensure that businesses have access to all their identity data, but it also ensures that users’ profiles can be regularly updated in real time. Businesses can be confident that employees have access to the right information, yet they’re not able to access areas they don’t need for their job. With identity data in one flexible and manageable system, there is less chance of that data being accidentally leaked by employees or stolen by cybercriminals and it is more likely that the identity data and processing will be accurate across all systems.”

Rick Vanover, Senior Director of Product Strategy, Veeam

“Today, privacy matters. Data privacy continues to be more important than ever. From an awareness standpoint, data privacy doesn’t get the attention it needs. I see IT organisations constantly manage large amounts of data that really doesn’t matter any longer. ROT – Redundant, Obsolete or Trivial – data should be moved out of its storage life cycle. My practical advice on Data Privacy Day is to assess what data is where and identify what needs to be removed. If it doesn’t need to be removed, then determine if selected data should be moved to a correct tier or policy. From a privacy perspective, where it exists is an important first step of the process.”

Chris Boyd, Lead Analyst at Malwarebytes

“As Data Privacy Day is upon us, it’s important that everyone adheres to the three Cs. Firstly, check your socials – we live in a society in which we feel obliged to project every detail of our lives across the Internet. This eats away at our privacy and increases the risk of unsolicited and private information being shared. Re-evaluating this mindset could boost your privacy and security considerably. Secondly, consider alternating browser usage every so often. Switching from one browser to another can help keep advertisers and profilers on their toes and gives you greater insight into security measures put in place by the developers. It’s also important to ensure your browser is legitimate and not rogue software or simply an advertisement farm masquerading as a privacy tool. And finally, challenge yourself – the evolution of social media, camera phones and smart devices threatens other people’s privacy by allowing multiple parties to access it. We need to be as motivated to protect the privacy of others as we are our own.”
