Whether or not you make New Year’s resolutions in your personal life, every business leader should review corporate plans and revise strategies for the new year. So much of business planning is about growth; it’s easy to forget about protecting your company’s valuable business assets. This includes myriad types of data organizations store, transmit, process and generate.
And consumers are growing more concerned about protecting their data, while at the same time, national security threats and cyber crime is pushing governments to demand more access from enterprises and providers alike. Threats to data are constantly changing, and companies that react to threats are likely to be left scrambling, hastily deploying measures that may not serve them long term. Firms should adopt proactive strategies for data protection and should develop strategies that address the following critical trends:
Government policies are changing and complex.
One reason companies delay data protection efforts is confusion about which regulations apply. Recently, EU Safe Harbor agreement was invalidated due to European mistrust of American data surveillance capabilities, but the terror attacks in Paris in November may have some re-thinking the need for government access to data. Requests for backdoor access in the United Kingdom and the United States have privacy advocates concerned. At the same time, tougher privacy laws that expand requirements for breach notifications will take effect in California in 2016. Data-centric protection approaches serve both the security and compliance needs of organizations.
Data needing protection comes from more places than ever.
The data companies need to protect no longer comes only from data collected by company representatives who type it into company data systems. Personal data is collected from an increasing number of devices, including smartphones and fitness trackers. Both collect more data than consumers may realize. And the increased use of mobile payment methods also creates another channel that gathers personal information that needs protection. Security experts expect exponential growth in mobile malware . Protecting data at a granular field and file level guards against the worst outcomes even if data is stolen.
When all of a company’s data resided in a secured data center on the corporate premises, a company had control over its servers, making data easier to protect. The spread of virtualization has changed that; virtual servers, virtual storage, and now virtual networks mean devices don’t have physical boundaries, so it’s harder to implement security measures and monitor workloads to ensure that only authorized access takes place. And with the growth of the cloud, companies give up the traditional controls for access, monitoring and protection. Firms can’t outsource responsibility for their data so; relying solely on the security of third party providers will not limit their liability.
Big Data means big benefits and big risks.
Companies are adopting big data analytics to find hidden insights in their data, and so are criminals. With entire lives lived online now, stolen data in dark web warehouses can be mined to correlate data taken from different sources—entities that had data stolen this past year include health care businesses, the US government’s Office of Personnel Management, and an online dating site—and provide comprehensive personal profiles that criminals can exploit, including profiles of IT staff with privileged access.
Encryption, via SSL and TLS, of data in transit has been standard on Internet for many years. Sandvine, a networking technology company, reports that 2/3 of North American Internet traffic will be encrypted in 2016. But protection of data in transit only addresses a small number of threats; companies need to protect data at rest and data in use with approaches like cloud encryption and tokenization of data before it’s stored in company databases and cloud applications. In many locations, if data is encrypted, consumers don’t need to be notified after a breach, meaning companies protect their reputations as well as their data by using these technologies. For most companies, the biggest challenge is identifying where sensitive data resides. And while encrypting all data is not a practical solution, applying these data protection measures to sensitive and regulated data in sanctioned applications is a good start to managing enterprise risks in the event of a data breach.
The increased concerns regarding the privacy personal information means data protection isn’t an expense any more; it can be a competitive advantage. Companies should be proactive in taking protective measures, evaluating tokenization vs. encryption and choosing the best approach for the data types that require protection. Visit our Cloud Encryption Resource Center to learn more about how to be proactive in encrypting and protecting your corporate data.