It all begins with data. Data is the biggest commodity in our world today and is becoming a highly regulated area. It encompasses the very essence of cybersecurity, and it is exactly what companies fight so hard to protect and secure.
Companies are not only contractually obligated to protect customer, vendor, organizational and employee data, but are also legally required to have in place a strong security framework that incorporates technical and organizational measures. Importantly, if your organization hasn’t fully moved to the cloud yet, it will have to do it soon. So, it is best to proactively align your organizational practices and modernize your infrastructure sooner rather than be reactive and relent at the last moment to regulatory pressures.
However, processing and collecting data comes with many challenges such as:
- Commercial disruptions
- Security threats
- Practical application of the law
- Rapid data growth
- Accurately/adequately measuring risks
- Aligning internal and external stakeholders
In the first of our four-part series, we will discuss the framework of data protection legally required, best practices for legal compliance (including insurance); and the importance of a robust data governance plan to protect your organizational data whilst complying with regulations.
In the absence of federal law, California introduced the strictest data protection measures in the US: the California Consumer Privacy Act (‘CCPA’). The CCPA governs the way in which organizations can collect, process, store and access personally identifiable information (‘PII’), which includes regulatory [security] requirements for implementation.
You might ask, does this apply to my organization?
If you collect and disclose PII then, yes, this does apply to you. The CCPA requires that organizations implement and maintain “reasonable security procedures and practices” to protect the PII of consumers. This is to preserve: confidentiality, integrity and availability of consumer data.
But… the CCPA doesn’t directly define what these measures look like, however, the Center for Internet Security’s (‘CIS’) Critical Security Controls outlines 18 controls to better protect your organizational environment. These 18 controls list specific cybersecurity measures such as:
- Data encryption;
- Identity and access management;
- Audit log management;
- Actively manage all enterprise assets (end-user devices, mobile devices, non-computing, and portable devices);
- Monitoring and blocking unauthorised access; and
- Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
The more data is collected, the more you must ensure its safety. Therefore, the integrity of your data depends on cybersecurity.
Were you aware that Aegis can help to protect your organizational data, comply with regulations and drastically minimise the risks of data breaches through data governance planning?
Data Governance Planning
Microsoft defines data governance as ‘the collection of processes…and standards that ensures an effective and efficient use of information. This also helps establish data management processes that keep your data secured, private, accurate, and usable throughout the data life cycle.’
To drive business growth and protect data, a holistic and dynamic data governance strategy is necessary that manages risks, reduces costs, and executes business objectives effectively.
Click here to read more: Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study – Microsoft Security Blog
A data governance plan helps to modernize your IT network and a global industry council, the EDM Council, created Cloud Data Management Capabilities (CDMC) that prescribe a framework for what data governance should encapsulate. This includes (this is non-exhaustive):
- Data lifecycle management
- Data privacy
- Data quality
- Data sovereignty and cross border sharing
This strategy should incorporate Zero Trust principles, especially if you are handling mass amounts of data. (Much more on this next week)
There are some fundamental things to consider when creating your own data governance strategy. The strategy needs to be holistic and incorporate all business units for data centralization.
- Build standards into your existing process and implement them as engineering solutions.
- Consider implementing a modern data foundation with integrated toolsets.
- People and processes are just as important as tools and infrastructure.
While there is no single data governance strategy that will work for every business, a cloud-based, scalable solution, such as Azure, will help organizations adapt to future needs while being more cost-effective.
Why you need Cyber Insurance today
Even insurance companies are driving demand now more than ever for organizations to have more robust cyber protections across all industries. Insurance companies are prompting their clients to implement security protocols such as:
- Employee awareness training
- Password management system (or more recently passwordless)
- Advanced endpoint protection (not just anti-virus)
…ensuring they are deployed holistically across all machines within the organization.
If you are proactive in your response to data protection and cybersecurity management then you can reduce the risks to your business and therefore will reduce the premiums for insurance policies.
Stay tuned for next week where we dive into Zero Trust.
To learn more about what we do visit our website. Alternatively, if you want to get straight to data governance and protecting your IT networks then connect with Matt here: Book a time with Matt