Data Privacy Day: Current approaches to protecting data.

This past week was Data Privacy Week, and Sunday, January 29th, marked the observance of Data Privacy Day. Experts discuss the increased risks posed by cyberattacks to data privacy, as well as the important role employees play in an organization’s data protection, and best practices and solutions to improve data security posture. In this article we see what they’ve said about current challenges to data privacy, and some approaches to overcoming them.

Protecting unstructured data.

Much of the data organizations collect and store will, today, be collected and stored in an unstructured form. This presents distinct requirements and security challenges. Carl D’Halluin, CTO at Datadobi, describes the need for an unstructured data management platform as the creation of unstructured data continues to grow: 

“A staggering amount of unstructured data has been and continues to be created. In response, a variety of innovative new tools and techniques have been developed so that IT professionals can better get their arms around it. Savvy IT professionals know that effective and efficient management of unstructured data is critical in order to maximize revenue potential, control costs, and minimize risk across today's heterogeneous, hybrid-cloud environments. However, savvy IT professionals also know this can be easier said than done, without the right unstructured data management solution(s) in place. And, on Data Privacy Day we are reminded that data privacy is among the many business-critical objectives being faced by those trying to rein-in their unstructured data. 

"The ideal unstructured data management platform is one that enables companies to assess, organize, and act on their data, regardless of the platform or cloud environment in which it is being stored. From the second it is installed, users should be able to garner insights into their unstructured data. From there, users should be able to quickly and easily organize the data in a way that makes sense and to enable them to achieve their highest priorities, whether it is controlling costs, CO2, or risk – or ensuring end-to-end data privacy.”

Securing your data in the cloud.

And cloud storage has overtaken on-premises data storage for many organizations. What are the challenges this shift poses for data security and privacy?

Brad Jones, CISO and VP of Information Security at Seagate Technology, explains the features posited by cloud platforms to assist in data privacy, and the need for multifaceted security approaches:

"Cloud misconfiguration is a key challenge to data privacy in 2023. Organizations need to prioritize compliance across their entire cloud infrastructure. An error in a cloud’s configuration could mean that an employee is just a click away from accidentally exposing an entire database – and opening the organization up to regulatory risk and reputation damage.  

"Good data privacy is good for business and not just because it enhances an organization’s reputation. Compliance helps unlock innovation by driving efficiency. The common systems and controls that come with good data security and privacy strategies help enable knowledge sharing across an organization, which gives employees the information they need to be more efficient and make better decisions. 

"A comprehensive data classification strategy is essential for maintaining data privacy but implementing one is easier said than done. Many organizations don’t fully understand where all of their data is, let alone how it should be classified. Organizations need to establish simple, clear data classification standards and should foster close collaboration between their security teams and stakeholders across the organization to maintain data privacy and security.  

"Cloud platforms offer various native features for data classification that can help maintain privacy. This could be as simple as a tag on a server or storage location mapped to the most sensitive level of data that an application contains, or a more granular object or database level of classification offered by some Platform as a Service providers. Organizations starting a new cloud journey should build data classification into the design and leverage the capabilities of the platform. Organizations that are already in the cloud should understand what features they are not yet leveraging and make a plan to maximize control. 

"Organizations must maintain different layers of security in their architecture, and data encryption is a key factor that should not be overlooked along with other access controls. Ensuring that data is encrypted at rest and that the keys are maintained securely (and not with the data itself) can help ensure data confidentiality and integrity when other controls fail."

Amitabh Sinha, Co-Founder and CEO of Workspot, describes the benefit of Cloud PCs: 

“Today’s attack surface has expanded exponentially. With cybercrime positioned as the fastest-growing crime in the U.S., attacks are increasing in number, scope, and sophistication. Data Privacy Day serves as a reminder that security posture is paramount for every organization, and a zero-trust security model is a critical line of defense. In this context, a multi-layer approach is needed. Cloud PCs bring an extra level of security to help ensure no one is trusted without verification, either inside or outside the organization. 

"Many Cloud PC solutions have integrated control and data planes, which can expose customer data. A true zero-trust architecture can be a gamechanger for company security, as it requires separation between control and data planes, which isolates and secures company data from the control elements of the Cloud PC platform. After all, zero trust means trusting no one with your corporate data, not even your Cloud PC vendor!  

"As we look beyond Data Privacy Day, enterprises need to implement future-proof end user computing solutions that also fortify security policy. Cloud-native Cloud PCs are the modern way to achieve the agility and security enterprises need today. When evaluating Cloud PC solutions, IT leaders should consider the following:  

• "Where will my data live? Who will be able to see it? How is it protected? 
• "How will my cloud desktop architecture impact information security? 
• "Where will my Active Directory run? 
• "What systems will be shared between users? 
• "What are the regulatory and compliance implications of the solution? 
• "How quickly can I add Cloud PCs? 
• "How can I deliver the best performance to my end users?”

Amit Shaked, CEO and co-founder at Laminar, explains the advantages of cloud-native security platforms:

“As the world celebrates Data Privacy Day, it’s important to remember that there is no data privacy without data protection. 

“This problem is becoming more acute as organizations adopt hybrid cloud infrastructures without ensuring effective security, privacy and governance for the data stored across vendors and clouds. Two statistics paint the story. Two-thirds (66%) of organizations store between 21%-60% of their sensitive data in the cloud and nearly half (45%) experienced a cloud-based data breach or failed audit in the last 12 months. 

“IT and security teams risk exposing customers and losing intellectual property, strategic advantage, and revenues if they don’t shore up data protection as well as data privacy. Fortunately, by adopting cloud-native data security platforms, these teams can regain visibility into – and control over – their valuable data and keep it private and protected. Using a cloud data security platform provides autonomous and continuous discovery, classification, monitoring and protection of all data stored and used across platforms like AWS, Microsoft Azure, Google Cloud, and Snowflake.” 

And don’t forget the risks quantum computing might pose.

Rebecca Krauthamer, C-Founder and CPO from QuSecure, explains the importance of making security solutions quantum-safe:

“Ahead of Data Privacy Day January 28, it is advisable that federal agencies, commercial organizations and other infrastructure providers begin to immediately assess potential vulnerabilities in their current encryption and cybersecurity practices and start planning for post-quantum encryption.

"Some believe that building a quantum computer powerful enough to break encryption is a decade or more away. Others believe it’s already too late. While quantum computers powerful enough to crack RSA are not yet available, hackers are seizing and storing sensitive data knowing they will be able to use quantum technology to access it soon.

"We know that well-funded hacking organizations and governments are constantly working on novel ways to accelerate quantum development including advance error correction, combinations of individual quantum processors, and advanced physical architectures to become the first to wield the power of quantum decryption. We are most likely closer to more quantum power and the subsequent associated threats to standard encryption than expected. 

"Every day we don’t convert our security posture to a quantum-safe one, there’s no recovering from the damage that will be done.”