Taking a ‘data-centric’ approach to protecting what matters

Paul Ayers

A new European Union regulation that requires mandatory data breach disclosures by telecoms operators and Internet service providers (ISPs) has recently become official.

It requires all EU telcos and ISPs to notify national authorities within 24 hours of detection of any incident that involves the theft, loss or unauthorized access to personal customer data (e.g., emails, calling data and IP addresses). This new regulation also requires EU telcos and ISPs to disclose -- within three days of reporting any breach -- the specific measures they have taken to address the data breach.

And that's just the start of it. There is a much broader Draft Data Protection Regulation in the works that requires a similar response from every EU business that handles personal data. Moreover, there are numerous efforts afoot involving new data breach notification requirements in both Asia and the U.S.

For multinational companies, the bar is set even higher, because they will have to ensure they can meet the specific data security requirements set forth in every member state in which they operate. It's a daunting task, to say the least. And, like Sarbanes-Oxley accounting requirements in the U.S. for publicly held companies, compliance is mandatory, not optional.

Given these new data breach regulations and the rising tide of both advanced persistent threats (APTs) and privileged user threats, the vast majority of companies will have to revisit -- and quite likely rethink -- their data security strategy.

According to experts in the field, perimeter security is failing and it is no longer a matter of if a data breach will occur, but rather when it will occur, and how well (and quickly) you will be able to respond. Consequently, it is time to move past the network itself and take a "data-centric" approach to protecting valuable data, such as customer information or intellectual property (IP).

It's also important to think about both process and technology. To stop an APT or insider threat in its tracks, enterprises must implement best practices (around data access, for example) in conjunction with strong technology solutions architected to ensure that their valuable data remains sufficiently protected. The best way to do this is with a "defense-in-depth" strategy that includes application-transparent encryption, strong privileged user controls, automation tools and the ability to gather and analyze security intelligence information. Moreover, having the ability to "watch the watcher" is of paramount importance because it lets organizations detect attacks against the data, the data security infrastructure and their privileged user accounts.

Identifying unusual and anomalous access patterns by security administrators is a good way to uncover either a malicious insider within the security organization or an administrative account that has been compromised. Businesses would be well advised to review their current data security approach and put in place a scalable data-centric solution that can protect any file, any database and any application, regardless of whether it resides in a physical, virtual or cloud environment.

These new regulations, such as the one that recently went into effect in the EU, send a clear mandate to companies: aggressively protect personal customer data or risk significant financial and brand reputation consequences. The good news is that there are ways for enterprises to protect themselves from both financial penalties and brand reputation issues, as more and more of these regulations come into force. 

Paul Ayers is vice president for EMEA at Vormetric.