Data privacy is an ongoing concern, to put it mildly. This year started with the long-anticipated overhaul of the General Data Protection Regulation (GDPR). Not long afterwards, the same issues were marked globally on Data Privacy Day. On its heels came the news of Safe Harbor 2.0 - ‘Privacy Shield’ - the new agreement between the EU and the United States regarding how to handle, process and move personal data between the two countries.
Time to Up Our Security Game
The financial services and healthcare industries require full transparency and data protection throughout their borderless enterprises. This is required to protect the details of the individual citizens whose data they hold. PII (personally identifiable information) is worth a lot of money on the dark web, and it is most vulnerable when in transit.
It's time to up our security game. Not just in the business world but in every facet of our online lives. We must maintain a steadfast security posture, back up our data, and stay current through patches and updates. We are all putting ourselves at risk when basic security hygiene is ignored, like when we share personal information over the latest must-have app. How can we be assured our data is being appropriately cared for when we hand it over to companies?
By properly respecting people's privacy, a company can build trust. But customer trust needs to be earned. With data flowing in and out of networks without full control, trust-building becomes a big challenge for IT teams.
Data gets shared with payment processors, IT consultants, insurance companies, government agencies and cloud providers. In the borderless enterprise, that data needs to be kept safe. No matter where it goes.
Protect Your Borders
The GDPR and the Safe Harbor pact are designed to protect personal information once it enters the realm of corporations and public organizations. IT teams need to think far beyond perimeter defense in order to meet these stringent regulations. Making this a challenge are the blurred lines between who is “inside” and who is “outside” the perimeter. Sometimes folks are in between, like external service providers who get the same level of access as highly privileged insiders.
So what's the best way to limit access to data? Encryption keys. But once data is in transit, there are other factors to consider, particularly when compliance with GDPR or specific industry legislation is a requirement.
What Data Protection Means to IT Teams
Companies that are starting to sort out GDPR compliance should expect to invest significantly in order to meet it. An Ipswitch survey taken by more than 300 European IT professionals showed that nearly 70 percent of all respondents said they’d need to invest in new technologies or services to help prepare the business for the impact of the GDPR. Here's how it stacked up:
- Encryption tools (62%)
- Analytics and reporting (61%)
- Perimeter security (53%)
- File transfer solutions (42%)
Two-thirds of all respondents said that keeping up to date with data protection regulation was a burden on their business. What's clear to me is that compliance has a healthy price tag in terms of tech investments and training staff. But when we consider the underlying rationale around data protection, our burden is to keep the hackers away from any information that isn't ours to lose. Given this, I'd wager that the cost to meet compliance is less than the cost to remediate a data breach and pay fines.