This article on Data Security was originally posted by Moti Gindi on darkreading.com.
Data Awareness Is Key to Data Security
Data attacks reached an all-time high in 2019 as we continued to transform our lives digitally — moving our work, health, financial, and social information online. In response, businesses must meet hefty data and information protection regulatory and compliance requirements. There’s no room for error. Protections are required for everything from simple user mistakes, such as downloading a file on the corporate network and sending it to a personal account, to malicious insider behavior and nation-state attacks. This task and associated fines are daunting.
Governments worldwide are also addressing these challenges by mandating new data protection regulations and privacy acts, including the Global Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Regulations are introducing stricter information protection standards and unprecedented fines companies must plan for and comply with — up to 4% of their annual revenue — for handling business and customer data.
To keep up with these regulations and the global demand for security and privacy, compliance and data risk officer roles are increasing. They create policies and implement tools to track how data is collected, used, managed and stored across its life cycle so businesses remain compliant and earn customers’ trust.
Security and Compliance Are Two Different Worlds
Even with heightened focus on reducing risk, security and compliance teams have different backgrounds and responsibilities, and historically they have not worked together, which means they don’t always understand the other’s business needs.
When it comes to information protection and compliance, most companies focus on thwarting data leaks by locking down data within their perimeter, which can be a device, file server, or network boundary. Data leakage prevention (DLP) identifies sensitive content and defines policies to prevent data egress across the network, devices, and applications.
In parallel, companies’ security teams operate disconnected threat protection solutions — EPP, EDR, SEG, CASB, UEBA, NTA, etc. — designed to prevent, detect, and respond to attacks on companies’ intellectual property. But often these tools — separate from the information protection and DLP tools — don’t know where this intellectual property and sensitive content resides.
Continue reading here.
Landmark offers comprehensive network security consulting and auditing services. We offer a bespoke layered approach to cyber security, addressing every security need for every size of business. Contact us now.
[email-subscribers-form id=”1″]
