Compliance stays in the picture. Why? Because today's agile business environment requires employees to share data, information and other documentation both inside and outside their organizations on a regular basis. But for companies in highly regulated industries, including healthcare and financial services, regulations and standards such as HIPAA, PCI DSS and SOX impose strict requirements on how data and information may be used, stored and shared.
To avoid any potential security issue or situation of non-compliance in 2017, companies will start implementing more security and compliance frameworks, provide better protection for their intellectual property and better define policies to help them remain compliant within a growing global economy.
Here's more detail on my 3 predictions for security and compliance in 2017:
1. Companies Will Implement Security and Compliance Frameworks
More companies will take action to meet general and industry-specific compliance regulations that require the protection and safeguarding of data, not least to avoid fines. We will see more companies adopting security and compliance frameworks to set up the controls they need. These controls range from physical measures such as access cards for buildings and data centers, to ongoing employee training to prevent theft and inadvertent data sharing, to management-system standards such as ISO/IEC 27001:2013 that define how an information security program is built, measured and audited.
In short, there is no single solution, but a good security framework will provide multiple layers of defense from security at endpoints, such as antivirus and anti-spam software, to end-to-end data lifecycle security including classification, inspection, tokenization, encryption and inherited rights management technology.
2. Intellectual Property Will Get Better Protected
As more companies get breached, hacked, compromised and held for ransom, they will realize that every piece of data is at risk. As such, they will quickly act to better protect their intellectual property and sensitive information even if they are not beholden to specific compliance regulations.
For example, companies will look to proven encryption technologies, such as the Advanced Encryption Standard with a 256-bit key (AES-256), to safeguard their data at rest and in motion. A common misconception is that "256" refers to the block size: AES always operates on 128-bit blocks, and the 128, 192 and 256 figures are key lengths. All three are standardized and currently considered secure; AES-256 simply carries the widest margin against brute force and is the choice most compliance frameworks name explicitly. Just as important as the key length is the mode of operation: an authenticated mode such as AES-GCM both encrypts the data and detects tampering, whereas an unauthenticated mode (ECB, plain CBC) does not.
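As an added example (not code from the original post), here is AES-256 used the way the paragraph above recommends for data at rest: a 32-byte key, the GCM authenticated mode, and a random nonce prepended to each ciphertext. It also demonstrates the key-length versus block-size point directly, since Go's `crypto/aes` reports a 16-byte block for 128-, 192- and 256-bit keys alike. The sample record and the zero-filled demo key are constructed for illustration; in production the key comes from a key management service, never from source code.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// AES-256 means a 32-byte (256-bit) key. The block size is 16 bytes (128 bits)
// for every AES key length; see BlockSizeBits below.
const aes256KeyLen = 32

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// aad (additional authenticated data) is bound to the ciphertext but not encrypted;
// a record identifier or column name is a typical choice for data at rest.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != aes256KeyLen {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// GCM nonces must never repeat under the same key; 96 random bits per message
	// is the standard choice for keys that encrypt a bounded number of records.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt reverses Encrypt. Any modification to the nonce, ciphertext, tag or aad
// makes Open fail, so tampering with a stored record is detected rather than
// silently producing garbage.
func Decrypt(key, sealed, aad []byte) ([]byte, error) {
	if len(key) != aes256KeyLen {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// BlockSizeBits returns the AES block size for a key of keyBytes bytes.
// It is 128 for 16-, 24- and 32-byte keys; other lengths are rejected by AES itself.
func BlockSizeBits(keyBytes int) (int, error) {
	block, err := aes.NewCipher(make([]byte, keyBytes))
	if err != nil {
		return 0, err
	}
	return block.BlockSize() * 8, nil
}

func main() {
	// Constructed demo key: all zeros, for illustration only.
	key := make([]byte, aes256KeyLen)
	record := []byte("patient_id=42;dob=1970-01-01") // constructed sample record
	aad := []byte("records.patient.42")

	sealed, err := Encrypt(key, record, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d plaintext bytes into %d bytes (nonce + ciphertext + tag)\n",
		len(record), len(sealed))

	for _, kb := range []int{16, 24, 32} {
		bits, _ := BlockSizeBits(kb)
		fmt.Printf("AES-%d key: block size %d bits\n", kb*8, bits)
	}

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	if _, err := Decrypt(key, sealed, aad); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
}
```

The length check in Decrypt matters: without it, a truncated blob would cause a slice panic before GCM ever gets the chance to reject it.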
Companies will also move from intrusion detection (i.e., monitoring a network or systems for malicious activity or policy violations and raising alerts) to intrusion prevention (i.e., sitting inline so that identified threats can be blocked as they occur), using signatures, anomaly analysis, heuristics and machine learning to protect data dynamically while allowing employees to continue to operate at the speed of business. The trade-off is that an inline control can block legitimate traffic on a false positive, so prevention rules need tighter tuning than detection rules.
3. Regulatory Compliance Will Be Borderless
Since we live in a global economy, U.S. companies are working more than ever with businesses that operate largely outside North America. We will see many more companies implementing policies to help them stay compliant with international regulations that affect U.S. business operations, most notably the General Data Protection Regulation (GDPR) in the European Union (EU), which becomes enforceable on May 25, 2018 and applies to any company that processes the personal data of people in the EU, wherever that company is based.
The GDPR is a regulation by which the European Union intends to strengthen and unify data protection for individuals within the EU. It will have companies scrambling to implement security frameworks, develop processes, conduct training and install new technology to meet its requirements for protecting personal data (what U.S. readers usually call personally identifiable information, though the GDPR's definition is broader).
Some European countries outside the EU will have a similar but distinct set of rules and regulations to comply with, including Norway, Iceland, Liechtenstein, Albania, Switzerland, Turkey, Russia, Macedonia, Montenegro and a post-Brexit United Kingdom.
Regardless of these differing international rules and regulations, U.S. companies will continue to march forward to meet industry-specific requirements such as HIPAA in healthcare, PCI DSS for any organization handling credit card transactions, and FINRA rules for broker-dealers and other securities firms.