informa
/
Application Security
Commentary

Why It's Time for Business Leaders to Take Greater Accountability on Data Privacy

With the rise of hybrid-cloud and multicloud systems, a comprehensive strategy is needed to maintain control over who can and cannot access sensitive data across the organization, and to protect personal information.

For many companies, the pandemic accelerated digital transformation and data-driven initiatives far faster than what would have otherwise occurred. Today, if we're looking at enterprise trends — from cloud to software-as-a-service and artificial intelligence — it's the line-of-business (LoB) side of the house that is first to rush into new and emerging technologies. Operating at a lightning speed, however, can cause some leaders to overlook one crucial component that can significantly strengthen their business: data privacy.

With the rise of hybrid-cloud and multicloud systems, a comprehensive strategy is needed to maintain control over who can and cannot access sensitive data across the organization. The privacy of individuals' data is paramount in that effort.

The First Step to Accountability: Strategies to Secure Data for the Enterprise
We're seeing many companies recognize the importance of securing data so that it can be used without infringing upon individuals' privacy. An increasing number of LoB leaders, such as marketing executives, are taking greater care over how they are monetizing data. Here are three strategies LoB leaders can implement to ensure data security:

  1. With multiple computing environments in use across the enterprise, it's no longer good enough to rely only on security protections where data resides. In addition to at-rest data protection, leaders need to implement a cohesive data security strategy that accounts for data wherever it resides — while at rest, in motion, and in use. This lessens the chance of exposing information at any point throughout the data life cycle.
  2. Equally important, LoB leaders must reconsider whether they have the right tools and controls for each job. For example, encryption may make the most sense for large troves of data at rest, but this type of protection renders the data useless for AI and machine learning initiatives. Instead, leaders may want to consider fine-grained protection techniques such as tokenization or anonymization, which can preserve the format of the original dataset while still protecting any sensitive information. In many cases, they might also want to apply more than one technique across their various environments.
  3. Last, but certainly not least, leaders must have multiple layers of defenses for securing data. Most companies already have a clear defense strategy for endpoint, application, or network security. Unfortunately, the data itself is often overlooked. For enterprises that want to innovate without disruption, sensitive data must be fully protected, so that in the event of a breach, any stolen data remains confidential and secure.

Training: A Critical Foundation for Data Security Success
Training can be an instrumental component for LoB leaders seeking to take greater ownership over the privacy of their data. Business leaders should seek out training across three primary focus areas: privacy regulations, the multiple layers of defense strategy, and the shared cloud security model.

First, they need to be aware of privacy regulations that affect their business and customers. Every day, the complexity of privacy laws becomes increasingly challenging. Several US states and countries across the globe, are passing data privacy laws (including California's CCPA and Virginia's CDPA) and the need will only grow.

LoB leaders must also familiarize themselves with the multiple layers of defense strategy. When it comes to security, there's no silver bullet for complete protection against cyberattacks. Data breaches are inevitable. However, the reputational and financial damages caused by a breach can easily be mitigated by using multiple layers of defense. As noted earlier, endpoint, application, and network defense are important components of a strong security posture. However, LoB leaders must be aware that true defense requires a data-centric approach to security.

Finally, for organizations operating in cloud environments, LoB leaders need to be aware of the shared security model. In this well-established approach to cloud security, providers are responsible only for securing the cloud environment itself. Leaders implementing cloud and SaaS technologies across their departments must recognize they are directly responsible for securing what's within the cloud — and that includes their data.

Preparing for the Expanding Blast Radius of Data Security Responsibility
As organizations continue full speed ahead down their digital transformation journeys, the business leaders of tomorrow will work in closer partnership with analytics, data science, and even AI teams to achieve a competitive advantage. This will enable them to anticipate trends, deliver seamless customer experiences, and help their teams increase efficiency — all critical steps in pushing the business forward.

Business leaders are using data more than ever to drive outcomes, meaning the level of responsibility over how that data is used, stored, managed, and protected will become even greater. In the explosion of AI, analytics, and data science, the blast radius of responsibility for data security will also continue to increase.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5