<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Three Compliance and Security Predictions for 2017

Richard Allen| January 06 2017

| security

Three Security and Compliance Predictions for 2017Compliance stays in the picture. Why? Because today’s agile business environment requires employees to share data, information and other documentation both inside and outside their organizations on a regular basis. But for companies in highly regulated industries – including those in the healthcare and financial services fields – compliance with regulations such as HIPAA, PCI and SOX have strong requirements for the use of data and information.

To avoid any potential security issue or situation of non-compliance in 2017, companies will start implementing more security and compliance frameworks, provide better protection for their intellectual property and better define policies to help them remain compliant within a growing global economy.

Here's more detail on my 3 predictions for security and compliance in 2017:

1. Companies Will Implement Security and Compliance Frameworks

More companies will take actions to meet general and industry specific compliance regulations that require protection and safeguarding of data in order to avoid fines. We will see more companies implementing security and compliance frameworks to setup the controls they need. These controls include everything from access cards to gain entry into buildings and data centers, to constant employee training to prevent theft and inadvertent data sharing, and to technology such as the information security standard ISO/IEC 27001:2013.

Related Article: Secure Deletion Of Data Not So Secure?

In short, there is no single solution, but a good security framework will provide multiple layers of defense from security at endpoints, such as antivirus and anti-spam software, to end-to-end data lifecycle security including classification, inspection, tokenization, encryption and inherited rights management technology.

2. Intellectual Property Will Get Better Protected

As more companies get breached, hacked, compromised and held for ransom, they will realize that every piece of data is at risk. As such, they will quickly act to better protect their intellectual property and sensitive information even if they are not beholden to specific compliance regulations.

For example, companies will look to encryption technologies, such as the Advanced Encryption Standard (AES-256), to safeguard their data at rest, in motion and at destination with higher levels of analytics. AES-256 is a symmetric block cipher where data can be encrypted in 256 bit blocks, instead of in 192 and 128 bits from older, less secure encryption technologies.

Related Article: Is Encryption A HIPAA Compliance Requirement?

Companies will also move from intrusion detection (i.e., monitoring a network or systems for malicious activity or policy violations) to intrusion protection (i.e., a preemptive approach to network security used to identify potential threats and respond to them swiftly) with signatures, anomaly analysis, heuristics and artificial intelligence to help dynamically protect data while allowing employees to continue to operate at the speed of business.

3. Regulatory Compliance Will Be Borderless

Since we live in a global economy, U.S. companies are working more than ever in conjunction with businesses that operate largely outside of North America. We will see a lot more companies start implementing policies to help them stay compliant with international regulations that can affect U.S. business operations, such as the looming deadline of the General Data Protection Regulation (GDPR) in the European Union (EU).

Related Article: Brexit Won’t Excuse The UK From The GDPR

The GDPR is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the EU. It will have companies scrambling to implement security frameworks, develop processes, conduct training and install new technology to better meet the requirements of protecting personal identifiable information.

Some countries in Europe, but not in the EU, will have a similar, but different set of rules and regulations that they must comply with including Norway, Iceland, Liechtenstein, Albania, Switzerland, Turkey, Russia, Macedonia, Montenegro and a post-Brexit Great Britain.

Regardless of these differing international rules and regulations, U.S. companies will continue to march forward to meet industry specific regulations such as HIPAA in Healthcare, PCI for any credit card transactions, and FINRA for financial and banking institutions.

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Richard Allen

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.