With the recent implementation of the California Consumer Privacy Act, the timing could not be better to discuss the importance of taking steps to protect sensitive data while also keeping personal data private and secure.
For Data Privacy Day, the following tech industry experts discuss how data privacy impacts consumers and businesses and steps to take to ensure data is safe and secure.
Lex Boost, CEO, Leaseweb USA
“Data privacy is one of the hottest conversation topics spanning all industries and regions – for good reason. With exponential amounts of enterprise data only increasing, ensuring data privacy involves layered, complex challenges for any business. From a cloud hosting perspective, meeting evolving compliance and privacy regulations, such as the new CCPA law, is one of those layers. One of the most important steps organizations can take to guarantee they are on the right path towards compliance is to rely on hosting providers that have teams experienced with GDPR and CCPA regulations. These providers can guide the process needed to guarantee data is managed within current and upcoming privacy regulations, allowing organizations to focus on maximizing data usage and the experience for their customers.”
Rob Mellor, vice president and general manager EMEA, WhereScape
“Data Privacy Day serves as a reminder to remain proactive in protecting and managing your data. To stay compliant with privacy regulations such as GDPR and CCPA, knowing where each piece of data sits and who can access it is essential. Also, by tagging the data and then tracking its lineage, this helps organizations better understand its usage. Data must then be stored in a location with fast and adaptable extract capabilities, in order to further data protection and comply with subject access requests.
“Organizations with a large number of data sets can experience significant challenges, since manually processing all of the information can be time-intensive and error-prone. One solution many organizations are turning to is data infrastructure automation, which is helping companies ensure all data is tagged, identifiable, auditable and quickly retrievable. Companies can then more easily prove their level of data privacy compliance to regulators and customers, and be better prepared for data privacy regulations today and in the future. Data infrastructure automation additionally allows organizations to fully optimize and auto-generate code in-house rather than rely on non-standardized custom code generated by third parties. This further reduces an organization’s data privacy regulation risk.”
Alan Conboy, office of the CTO, Scale Computing
“Data Privacy Day serves as a reminder to the technology industry that protecting your data is of utmost importance. This has been increasingly true with the recent implementation of the California Consumer Privacy Act (CCPA), which is shining a light on the rising regulation of data protection and privacy. With more organizations moving their workloads to edge computing and hyperconverged environments, businesses are looking to protect and recover these workloads, in addition to complying with data privacy regulations like CCPA. With this in mind, it is essential that these platforms include a variety of backup and disaster recovery features such as snapshots, replication, ransomware protection, failover and failback, so that organizations can help safeguard their digital assets today and in the future.”
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal
“Last year, a survey showed that between 2017-2019, 83% of organizations were hit with a cyberattack. Cyberattacks have gone from targeting large enterprises to SMEs and individuals, and with the new decade comes new ways cybercriminals are going to try and get ahold of your data. In fact, it is predicted in the 2019 Official Annual Cybercrime Report that by 2021 a cyberattack will happen once every 11 seconds – so the first Data Privacy Day of the decade is a perfect time to revisit how you’re protecting your company’s and customers’ data.
“One of the best ways to maintain data protection and privacy is to utilize the benefits of a regional data center provider. Regional data center providers will be able to provide you with high capacity and dedicated network connectivity solutions that enable your data to be processed at high speeds, stored securely and recovered quickly – while maintaining compliance. The infrastructure that colocation spaces offer will assist companies in effectively managing the potential fallout from the increase in data and the increase in cyberattacks.
“Data center providers usually also come with a range of security offerings to protect your data. These offerings should include services such as a resilient private network with a redundant core, private connectivity between their data centers, infrastructure security (such as IDS, IPS, centralized log monitoring, and SIEM/SIM), penetration testing, data encryption at rest and in transit, and more that would elevate the protection of your data.
“As cyberattacks grow and become more sophisticated, it is important to take time this Data Privacy Day to research regional data center providers who can assist in making your data safer from cybercriminals and potential privacy risks.”
Sam Humphries, senior product marketing manager, Exabeam
“In a 2019 Forrester survey, respondents revealed that 48 percent of data breaches in their organizations were caused by insider threats. This has been trending upward in recent years, resulting in tightened security rules and monitoring that leaves some employees concerned about their data privacy. This year on Data Privacy Day, I encourage IT teams and HR departments to collaborate on a plan that communicates to employees what data your company is monitoring, and why. This is a best practice that will pay dividends as everyone wants to work with organizations that respect the privacy and security of their customers and their people.
“Companies should aim to be transparent about data monitoring and craft policies for employees that are accessible either through paper or digital trainings. Content should avoid confusing jargon and feature an appropriate contact person who can answer any questions. Even for organizations that are not required to comply with data privacy laws like GDPR or CCPA, it’s still a good idea to use these five points as guiding principles for data protection:
- Is the data monitoring lawful, fair and transparent?
- Will the personal data collected be used for a specific purpose?
- Is every reasonable step being taken to erase or rectify data that is inaccurate or incomplete?
- Is data deleted once it is no longer necessary?
- Is the data being appropriately secured?
“To achieve and maintain privacy, the key is education. Data Privacy Day, therefore, serves as an annual reminder for organizations to review privacy policies with employees and conduct audits for compliance especially during times such as this, when new laws like CCPA have recently taken effect. This can reassure skeptical employees that their accounts are protected and that their privacy is maintained, while also safeguarding organizational data.”
Jay Ryerse, CTO, Security Products for Continuum, a ConnectWise company
“Data Privacy is the present and the future. We are starting to hear from colleagues and our customers that data privacy be built into everything we do as service providers. Our clients understand that we have the keys to their network and will need to have controls in place to protect their data while at rest, during processing, and when in motion. Our colleagues demand we take the confidentiality of their personal data as a serious matter. They don’t want to see their employer ignore the responsibility associated with their privacy; this is no longer a ‘nice to have’ but should be incorporated into everything we do.
“Service providers need to fully immerse themselves into the threat landscape and the best practices associated with securing data. Without cybersecurity, there can’t be privacy. This deep dive includes the governance aspect of data protection as well as the technical and physical controls necessary for the confidentiality, integrity and availability of data.
“Consumers and businesses need to start asking the tough questions of their vendors. They need to understand the supply chain for the services they outsource and what those companies are doing to provide best in class cybersecurity protections. And if those vendors don’t have a good answer or don’t believe they are at risk, then it may be time to find a new provider.”
Joseph Feiman, Chief Strategy Officer, WhiteHat Security
“Society is moving toward greater openness and broadly sharing information, including data that just a few years or decades ago was considered most sensitive. Sharing takes place via a wide variety of professional and social networks and public media. Governments are under social pressure to open more information as well.
“This combination of the: 1) growing volume of information, 2) complexity and ineffectiveness of protection technologies, and 3) growing openness, will lead to the realization that: A) it is impossible to protect it all, B) there is no need to protect it all.
“On Data Privacy Day, governments, organizations and individuals should take a moment to reflect and realize that protection of all information is unrealistic, and the battle for it has been lost (actually, the victory has never been possible). They should explore their ability to protect somewhere around 25% of the information they own/handle. For that, they have to select the subset of the most valuable information that is worth protection and that is feasible to protect. They should be gradually, over the years, placing the remaining 75% of the information in the fully/partially open access realm.”
Michael Jack, VP global sales, co-founder, Datadobi
“Incidents of ransomware attacks on vulnerable file storage systems are on the rise. Organizations have clear directives to protect their file data from disaster, and a key part of this process is having a secure third copy of their NAS data in case of an attack on production or disaster recovery systems. This step provides greater security if all other protection means have failed.
“The reality is, NAS data has not been easy to fully protect. Typical solutions have included using outdated technology such as NDMP, relying on necessary but insufficient ‘snap-and-replicate’, or simply doing nothing and hoping for the best. These outdated technologies don’t work because of the current scale of NAS systems and the fact that data is typically never deleted due to its intrinsic value in the current economy. However, with the proper tool, creating a third copy of NAS data, no matter how big or small, can be straightforward. Putting such an option in place – in a bunker site, behind an air gap, or in the cloud – gives organizations the best chance to keep NAS data protected from the outside world.
“And, if the worst does occur, with the right solutions supporting it, a third copy can be either a fully functioning DR that supports fail-back or a Golden Copy that can be restored to any NAS if the source NAS is no longer available.
“Ultimately, in a world of constantly arising threats, organizations must develop the ability to protect their NAS data quickly, flexibly, securely, and cost effectively, and not rely on outdated methodologies and tools.”
Caroline Seymour, VP, product marketing, Zerto
“All businesses know by now that they need to prioritize data protection – there are certainly enough headline scare stories of data leaks, outages and ransomware attacks that should have persuaded them over the past year.
“Beyond the invasive dangers of breached data, it can also cause significant operational disruptions and inflict lasting reputational damage for impacted businesses. Organizations are prioritizing their cyber resilience, to ensure they’re not only able to withstand the many threats facing data but also to demonstrate to customers that these organizations are taking data privacy and protection seriously, fostering trust with their customers.
“By developing and implementing a full compliance program with IT resilience at its core, companies can leverage backup via continuous data protection, making their data easily searchable over time and ultimately, preventing lasting damage from any data breach that may occur.
“With a stable, unified and flexible IT infrastructure in place, companies can protect against modern threats, ensure regulation standards are met, and help provide peace of mind to both organizational leadership and customers.”
Surya Varanasi, CTO of StorCentric, parent company of Nexsan
“IT security threats come in all different shapes and sizes, and just as quickly as we put up barriers to protect against them, cybercriminals find new ways to break through. Nowadays, simply relying on the traditional ways of backing up data is no longer sufficient and will lead to an increasing number of successful attacks.
“Organizations need to ensure all of their data and their customers’ data is protected to avoid any disruption to business operations or customer experience. Though many will prioritize investment in threat detection software, it is only half the battle. Cyberattacks will always get through eventually, and businesses must consider what to do when one does. A second line of defense is the smartest security decision – having a comprehensive range of security features, from encryption through to backup, archiving to recovery, can be what stands between a cybercriminal and your data.”
Scott Parker, Director of Product Marketing, Sinequa
“Today’s Data Privacy Day is the perfect opportunity to emphasize that privacy and data protection are enforced by a growing number of regulations around the world. According to Gartner, before year-end 2023, more than 80% of companies worldwide will be facing at least one privacy-focused data protection regulation and 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today. Organizations that operate internationally are facing new operating environments where they are required to comply with many if not all of these new laws. Organizations that choose to ignore the requirements found in data protection laws ignore them at their own peril, risking hefty fines. To keep up with these changing demands, vendors like Sinequa continue to add more advanced data discovery and automation capabilities to identify and protect sensitive data across the Enterprise to remove any guesswork and the pain of repetitive, inaccurate manual exercises.”