Data protection is a complex challenge, and it demands attention at every level of an organization. PKWARE's in-house experts are here to help you stay up to date on best practices, emerging trends, and new resources for enterprise data security.
A complicated—and ultimately unnecessary—lawsuit is winding its way through the California courts this year, as Waymo and Uber clash over stolen trade secrets. Here are a couple of undisputed facts: a Waymo employee stole 14,000 documents from Waymo servers pertaining to self-driving car technologies, and Uber hired the former Waymo employee. Now Waymo accuses Uber of using those stolen documents, and wants the courts to shut down its self-driving car research. Unfortunately for Waymo, the courts ruled that the stolen documents don’t meet the standards for trade secrets—and that Uber can keep moving forward on self-driving car research.
Before it has funding, a marketing campaign, customers, or even an office, a startup has one all-important asset: information. In fact, you could say that every startup begins its existence as information itself, in the form of a codebase, a blueprint, a business plan, or some other form of intellectual property. As a company grows, it will collect vast amounts of new information in a variety of forms—customer data, transaction records, plans for additional products—all of which are critical to its survival and success.
Unfortunately, few startups recognize just how much protection their data requires. A strategy based on network and device security, no matter how sophisticated it might be, simply isn’t enough to keep data secure. Companies that fail to encrypt their data are taking an unnecessary risk that can rob them of their ability to grow and compete.
After months of delays, the Trump administration has issued its first executive order on cybersecurity, signaling the direction that the federal government’s new strategy will take. The order addresses three broad topics: the security of federal networks, protections for critical infrastructure, and cybersecurity for the general public. Among its calls to replace outdated technology and to create a more capable cybersecurity workforce, the order contains one directive that will make an immediate difference in how the government manages its cybersecurity programs.
Data breaches are simply a fact of life. Businesses in every industry, in every country, are attacked by data thieves and malicious insiders on a daily basis. As pervasive as they are today, cyber threats will only grow more severe as time goes on—each newly-developed way to communicate or do business online creates new forms of sensitive data that hackers, industrial spies, and state-sponsored operatives are ready to exploit.
Data protection is no longer the domain of the IT manager.
Enterprise organizations are dealing with larger data volumes, more data-dependent business models, and more unpredictable cyber threats than ever before. These pressures, along with new regulations passed in response to them, have moved the conversation about data protection from the IT department to the boardroom. One of the most visible signs of this shift is the emergence of a new role at corporations and government agencies: the data protection officer.
When it rains, it pours.
After the European Commission adopted the GDPR in April 2016, businesses around the world scrambled to make sense of the new data security law and the obligations it imposed. And then, less than two months later, came the Brexit referendum and the UK’s decision to leave the EU.
Organizations who hadn’t yet come to terms with the GDPR were suddenly faced with the prospect of creating not one, but two new data protection strategies—one to meet the EU regulations, and another to comply with whatever rules would apply in the UK after its exit from the EU was complete. It was hardly surprising when companies in North America and elsewhere began to consider leaving the European market entirely, rather than dealing with the complexity and uncertainly that the legal developments had created.
“I love strong encryption. Strong encryption is a great thing.”
That’s what FBI Director James Comey had to say earlier this month in his keynote speech at a Boston cybersecurity conference. The quote might have surprised a few people, given last year’s confrontation between the FBI and Apple over cell phone encryption, and Comey’s public warnings that the FBI is increasingly unable to access encrypted information on phones, laptops, and other devices. Has the Director had a change of heart?
Now that the first real cybersecurity law in US history is on the books, can we expect to see more of the same?
New York’s cybersecurity law for the financial services industry, 23 NYCRR 500, took effect on March 1. The law is making headlines not because it creates a heavy new burden for compliance, but because it takes a broader view of information security than any previous state or federal law. As a highly visible attempt to set priorities and minimum standards, the New York regulations have the potential to influence the long-term direction of cybersecurity legislation in the United States.