External hackers and insider threats. Customer expectations and government mandates.
Data protection is a complex challenge, and it demands attention at every level of an organization. PKWARE's in-house experts are here to help you stay up to date on best practices, emerging trends, and new resources for enterprise data security.
A big focus of the 2016 European Legal Security Forum (July 12 at 155 Bishopsgate, London) is on the General Data Protection Regulation (GDPR), which will require companies doing business in the European Union to better secure how they collect, store, and use personal information by 2018.
In keeping with the law’s central concepts of “data protection by design” and “data protection by default,” organisations must build stronger data security into their products and services and follow strict guidelines on how personal data may be used. Failure to comply will carry severe penalties of up to 4% of a company’s annual turnover (gross revenue). The law provides specific rules for data processors -- businesses that collect or manage data on behalf of a data controller:
Now that I’m settled in here at PKWARE, I’m going to do something I haven’t done since my journalist days: I’m going to interview people on a regular basis and work the feedback into a steady stream of analytical posts.
I’ll ask questions of my colleagues, for sure. But I’m also going to ask questions of people outside the company, particularly security practitioners who deal with the challenges our technology is designed to address.
This post is my opening salvo, an unscientific poll of sorts.
Among the 2016 cybersecurity predictions he made back in January, PKWARE CEO and President V. Miller Newton said a presidential campaign would be hacked before the November election.
That prediction has become reality, according to The Washington Post.
Ask PKWARE customers about the biggest challenge they face, and many respond with one word: compliance.
Every industry has separate mandates to worry about, such as HIPAA for healthcare and PCI DSS for financial services. The common denominator in just about every compliance mandate is the need for Data Loss Prevention.
Overall, compliance requirements have been good for security. If it weren’t for these regulations and industry standards, many enterprises wouldn’t be doing nearly enough to safeguard sensitive data.
But there are risks in how enterprises handle compliance. A checkbox mentality often ensues, where companies put their primary focus on checking off the boxes on a list during a compliance audit.
Here at PKWARE, when we describe the types of adversaries our technology is designed to block, we say “thieves, snoops and idiots.”
The first two are easy to describe. The thief wants to break into enterprise networks and steal sensitive information, and the snoop is either out to invade your privacy or is a trusted employee with access to information that, if shared with the outside world, could cause a lot of damage to the enterprise’s reputation.
I recently presented at the Healthcare Information and Management Systems Society – North Carolina Chapter – where I talked about the importance of securing data within the healthcare industry. During my time at the conference, I kept my ear to the ground to better understand broader trends impacting the industry and left with three big takeaways: