As the world becomes increasingly digitised, we must ensure our data is protected at all costs. Ahead of the annual Data Protection Day, a number of industry experts discuss the importance of protecting data and why organisations should embed this into their core values.
Sean Carpenter, Senior Director, Product Management & Data Privacy at project44
“Supply chains have become front page news globally over the past two years. However, there is no time to rest, as 2022 brings even more issues, with shippers, carriers and suppliers facing an increased threat of cyberattacks and ransomware. It’s time to make data security a supply chain priority.
“The first step to protecting supply chain data is to map out how it is being shared, used and stored, in addition to which systems, tools and people are tasked with keeping it secure. Secondly, end-to-end protection of data requires encryption, with system access restricted, logged and audited. Further areas for supply chain experts to consider include getting total visibility, working with trusted suppliers and solutions, focusing on data storage and being proactive.
“Data security is a constant and ever-evolving challenge for businesses and major disruptions invite endless opportunities for breaches. From location sharing and shipment documentation to IIoT devices and inventory management, organisations connect with exponentially growing data touchpoints every day that must be secured. It is vital that all data sources are secured, as the supply chain is only ever as strong as its weakest link.”
Dan Davies, CTO at Maintel
“As restrictions ease, a large-scale return to the office may be attractive for many organisations, but a hybrid model of working can continue to be just as safe and successful – if you implement the right security.
“It’s correct that a hybrid workforce can be difficult to monitor and makes your data more complex to protect, when users only spend a limited amount of time connected to the corporate network. But organisations can combat this through strong data management policies and a software defined, borderless network fabric. This means staff know exactly what is available to them and where it sits within the business alongside extra precautions – such as Multi-Factor Authentication, secure web gateways and Zero Trust systems – which can ensure only those who really need it have access to highly sensitive company data.
“Alongside these policies, organisations should also leverage only cloud technologies that provide high levels of data security and ubiquitous access. Businesses may also want to invest in automation and AI tools that help staff locate the data they need faster, alongside more traditional endpoint defence tools, such as anti-virus and device posture.
“Finally, remember that times of disruption are always likely to encourage cybercriminals to seize an opportunity, so remain vigilant. Reinforce messaging and training with your remote workers and make sure everyone is as educated as possible.”
Heather Gantt-Evans, CISO at SailPoint
“Collectively, are we on the right side of history with data privacy? I would argue not yet. We are going to look back at this era as if we were data barbarians. In our increasingly ‘Ready Player One-Esque’ environment, we must set aside time to think about our privacy and how to protect it.
“We can see the wave of data morality coming from thought leaders and governments forcing hands by enacting regulations, including GDPR and CCPA. For enterprises to meet these rising expectations and comply with new regulatory guidelines, they’ll need to prove that they are investing in privacy. Companies who want to capitalise on this moment should seek to collect as little data as possible, encrypt what data they do have, give customers a path to opt out of data harvesting and give customers the ability to be forgotten (i.e. providing previously collected data back to the customer and then deleting it).
“But most importantly, organisations need to communicate clearly how collected data is used in order to provide value back to the customer. This means clearly articulating how it is protected and the customer’s privacy options.
“This can be particularly challenging for data involved in proprietary Machine Learning, but algorithmic transparency demonstrates that an enterprise is conscientious about data privacy. This includes Disney, who recently agreed to privacy changes for children’s apps, effectively removing tracking software for targeted ads. In addition, companies should seek to embed customer privacy as one of their core values and communicate this value as part of their customer-facing messaging.
“Let’s usher in a new phrase, ‘the customer is always right secure’.”
Chad McDonald, CIO and CISO at Radiant Logic
“The number of identities linked to businesses has dramatically increased over the past two years, and as organisations begin their Digital Transformation, they need to be able to keep their identity data under control and properly managed.
“For years now, organisations have suffered from scattered identity data across multiple sources which all use different protocols or are in modern cloud repositories that can’t connect back to legacy, on-premise technology. This inevitably results in an identity sprawl with organisations having overlapping, conflicting, or inaccessible sources of data, making it impossible to build complete and accurate user profiles.
“This not only causes frustration for employees, who have to remember multiple login credentials for all of the different applications and profiles that they need as part of their day-to-day job, but also poses significant GDPR and security risks.
“The recent news story of the UK Government being fined £500,000 for the New Year honours data breach is an example of the poor processes that happen when governing identity data. Poor identity management will result in data not being fully secured and organisations suffering data breaches. Without accurate user profiles, systems are unable to determine what individuals should and should not be able to access. Siloed systems increase the likelihood of a failure in identity management which increases an organisation’s attack surface. This increases the chances of a successful breach and increases the likelihood that it will remain undetected over time.
“While identity sprawl is causing significant challenges to businesses across the world, it is a problem which many organisations don’t realise they have or, if they do know about it, they have decided to turn a blind eye as they believe there is no solution to sanitise and streamline their identity data.
“With the number of cyberattacks substantially increasing during the pandemic, organisations must put in measures which can stop identity sprawl by ensuring they have a unified global profile which has all the attributes of a user irrespective of which source it’s located in. Organisations that fail to manage identity data will suffer from further data breaches as threat actors know that data is not secure and easy to get hold of. While this sounds like a complicated problem to solve, it can be easily done thanks to Identity Data Fabric.
“The concept of Identity Data Fabric is to unify distributed identity data from all sources in an organisation and create a resource that delivers identity data on-demand wherever and whenever needed. Applications are then able to access identity data using different formats and protocols, irrespective of whether it’s on-premise or in the cloud.
“Not only does the Identity Data Fabric approach ensure that businesses have access to all their identity data, but it also ensures that users’ profiles can be regularly updated in real time. Businesses can be confident that employees have access to the right information, yet they’re not able to access areas they don’t need for their job. With identity data in one flexible and manageable system, there is less chance of that data being accidentally leaked by employees or stolen by cybercriminals and it is more likely that the identity data and processing will be accurate across all systems.”
Rick Vanover, Senior Director of Product Strategy, Veeam
“Today, privacy matters. Data privacy continues to be more important than ever. From an awareness standpoint, data privacy doesn’t get the attention it needs. I see IT organisations constantly manage large amounts of data that really doesn’t matter any longer. ROT – Redundant, Obsolete or Trivial – data should be moved out of its storage life cycle. My practical advice on Data Privacy Day is to assess what data is where and identify what needs to be removed. If it doesn’t need to be removed, then determine if selected data should be moved to a correct tier or policy. From a privacy perspective, where it exists is an important first step of the process.”
Chris Boyd, Lead Analyst at Malwarebytes
“As Data Privacy Day is upon us, it’s important that everyone adheres to the three Cs. Firstly, check your socials – we live in a society in which we feel obliged to project every detail of our lives across the Internet. This eats away at our privacy and increases the risk of unsolicited and private information being shared. Re-evaluating this mindset could boost your privacy and security considerably. Secondly, consider alternating browser usage every so often. Switching from one browser to another can help keep advertisers and profilers on their toes and gives you greater insight into security measures put in place by the developers. It’s also important to ensure your browser is legitimate and not rogue software or simply an advertisement farm masquerading as a privacy tool. And finally, challenge yourself – the evolution of social media, camera phones and smart devices threatens other people’s privacy by allowing multiple parties to access it. We need to be as motivated to protect the privacy of others as we are our own.”
Peter Waters, Chief Privacy Officer, Equinix
“In recent years, data privacy compliance has become a critical consideration driving critical business decisions as companies look to digitally transform. Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the massive amounts of data being generated. Data Privacy Day comes as a reminder for organizations to assess their cyber risks and ensure strong data privacy protections are in place but in such a way that will not impede innovation within the digital economy. Due to the increasing complexity of data flows, enterprises need to evolve past securing data at rest to a posture of continuous governance where all data is protected.
“Increasingly, we are seeing enterprises place, manage and analyze data at the edge, closer to their users, services and clouds. Meanwhile, concerns over the security and privacy of data in movement and/or in the cloud have also increased. This situation is more critical in Asia-Pacific and has driven the need for better technology and infrastructure solutions that improve data accessibility, security and control, while also meeting increasing data privacy requirements. It is a balancing act.
“At Equinix, we support many of the largest enterprises in the world. Through our Equinix Privacy Office, we proactively manage our own compliance with applicable new and evolving data privacy laws and seek to assist customers to do the same. Our data security practices and controls around our own global platform of systems and processes are robust. Our digital services like Network Edge and a rich set of security-focused partners in our ecosystem, which sets up these security services closer to the user to protect that data locally. Our goal is to embed the concept of privacy by design into new system deployments and business process improvements across various aspects of our business, as well as offer our clients systems and infrastructure they can rely on.”
Mike Wood, CMO at Versa Networks
“Following the explosive shift to the work-from-anywhere approach over the past couple of years, organisations’ people, technology, and data are spread across unlimited locations around the world. Coupled with that is our ever-increasing demand to be connected to everything and everyone all the time which has resulted in a push for emerging technologies such as 5G and IoT.
“Whilst convenience, connectivity and flexibility are key to our current working environment, so too should be the security of our devices and the privacy of our data. Despite the rapid adoption of 5G, IoT and other new technologies, their popularity far outweighs their security.
“In the short time that 5G has been globally deployed, it has become a natural component of IoT devices and is also in the perfect position to help transform business networking and the interconnection of infrastructure environments, be those on-premises, hybrid-cloud, or multi-cloud. However, as a market, it has not undergone enough research for experts to be confident in its security. Zero-day attacks are a huge threat to IoT and 5G applications. What’s more, 5G is not a private network, so when IoT devices are connected to it, the attack surface expands, and they and the data they store become vulnerable.
“With a work-from-anywhere model, employees can easily access their Voice over IP (VoIP), Unified Communications, collaboration, and video applications from any location and any device, but this has to be done securely. As a result, businesses should be looking to invest beyond traditional technologies such as VPNs to protect their data against users who can be connecting from anywhere, on any network, and any device – they need to implement a holistic approach to getting visibility and control over all identities, threats, and endpoints.
“With a strategic approach to networking and security like SASE, organisations can achieve the flexibility in connectivity they are looking for, as well as ensuring their data is kept private and secure.”