Today there are three main business drivers for security and file transfer compliance that help businesses in any industry determine how security should be approached, funded and implemented: compliance, risks, and benefits. In this post I will also define two key security and compliance trends which factor strongly into those drivers.
The first of the three main business drivers is compliance. It is by far the most important. It tends to step in when business takes too much risk and governments and regulators try to fix it. For this reason it is often very late and backward-looking. It doesn’t anticipate new things. It is slow to react. And it is driven by auditors.
But despite all that, it remains the most important because you simply have to do it. It is also thoroughly policed by auditors, who are much less forgiving than your own line-of-business management.
Compliance is a good base from which to build your security function because it has to be funded every year and can survive cutbacks in capital spending.
Second on the list of business drivers are risks and security incidents. Most organizations operate some sort of risk management process, though that doesn’t necessarily provide budget for mitigating actions. Major data breaches create a huge incentive for security spending. They should therefore be seen as an opportunity as much as a threat.
Finally, there is also the possibility of gaining business benefits from security investment. You can certainly get a reduction in incidents. Potentially you can also have better agility or new sales opportunities. The problem with this driver is that returns on investment are rarely certain. They are more leaps of faith, which Finance tends to hate. With secure managed file transfer you not only secure your data transfers, you also industrialize your data exchange processes, ensuring streamlined business operations and guaranteed end-to-end delivery.
Now let’s look at two key security and compliance trends which can help frame a point of reference for business drivers.
Security is Borderless
Security has been slowly moving outside the perimeter to support borderless operations. This is an important paradigm shift of recent years. It has been a gradual transition from an enterprise with strong borders to a borderless, de-perimeterized architecture. We are in the middle of this transition, and it requires all applications to be secure by design.
As a founding director of the Jericho Forum, which is now part of the Open Group, I am a very strong advocate for this shift. I think it is absolutely vital for all organizations to start moving in this direction. Lack of segmentation is a very common weakness in networks, as is insufficient protection of data in transit. The latter is the real Achilles’ heel of many organizations handling personal data today.
Increasing Focus on Security and File Transfer Compliance for Data Exchange Across Borders
If you look at HIPAA, it mandates integrity controls for all data in transit as well as encryption. In practice that means you need end-to-end encryption for all data transfers. You cannot achieve this through email security settings; it demands an end-to-end, professional encryption key management process.
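As an added example (not code from the original post), the Go program below shows what "encryption plus integrity controls" for a file in transit amounts to when both come from one authenticated cipher: AES-GCM seals the file, binds a transfer ID to it, and the receiver rejects anything modified in transit instead of decrypting it. The transfer ID, the record contents and the all-zero key are constructed for the demo; real deployments manage keys per partner.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
// newAEAD wraps a 16-, 24- or 32-byte key in AES-GCM: confidentiality and an integrity tag from one primitive.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts a file for transfer and returns nonce || ciphertext || tag. transferID is
// associated data: sent in the clear but covered by the tag, so the blob cannot be replayed under another ID.
func SealFile(key, transferID, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per file
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, transferID), nil
}

// OpenFile verifies the tag before releasing any plaintext: a modified blob or a
// mismatched transfer ID is rejected outright rather than decrypted into garbage.
func OpenFile(key, transferID, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("blob too short to hold a nonce (%d bytes)", len(blob))
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], transferID)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real deployments manage keys per partner
	blob, _ := SealFile(key, []byte("transfer-0001"), []byte("constructed patient record"))
	blob[len(blob)-1] ^= 1 // simulate one bit flipped in transit
	_, err := OpenFile(key, []byte("transfer-0001"), blob)
	fmt.Println("tampered transfer rejected:", err != nil) // prints true
}
```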
This is also becoming necessary for cross-border data transfers, which is a very hot topic between Europe and the U.S., especially with growing concerns about foreign government interception following Edward Snowden’s revelations.
Safe Harbor has consequences for both European companies and US companies handling any personal data or having any customers in EU countries. Generally, the penalties for non-compliance with any regulation are getting bigger as governments and regulators progressively begin to show their teeth. The latest European regulation has increased fines from virtually nothing to four percent of turnover. Many stakeholders would like to see that increased much further.
Coming Up Next
In my next post I will dive into two major regulations – HIPAA and GDPR – and explain what they mean for your business, especially for those in the healthcare industry. My third and final post in this series will share useful information security and privacy standards for maintaining file transfer compliance and a good security posture. This will include the components of an ISO management system and general privacy principles. I’ll also touch upon alternatives to Safe Harbor and how managed file transfer helps to meet healthcare data compliance requirements.