10 views on the top lessons of Data Privacy Day
Leading IT and data security experts weigh in on the importance of Data Privacy Day to remind organizations of the obligations they have to safeguard personal information.
Data privacy is more critical than ever
January 28 marks international Data Privacy Day, a time for governments, businesses and individuals to reflect on the importance of data protection. In the following slides, several data security and IT experts share their views on what are the most important lessons of this observance.
Cyber defense starts with self-examination
“Cyberattacks regularly made headline news in 2018, and no organization wants to be at the center of one. Data Privacy Day serves as an important reminder for every organization to perform an assessment of their own vulnerabilities. Organizations need to understand how much data they need to maintain, the sensitivity level of the data and where the sensitive data is stored.

“A backup from three years ago will do no good if an organization is targeted by cyberattackers, and that’s why a backup schedule that ensures data is available from a period far enough back to restore prior to the issue is necessary. No one can predict when a disaster – natural or man-made – will occur, so having a restoration plan that is documented, tested and understood by all employees involved will keep organizations safe no matter what happens.”

- Trevor Bidle, vice president, information security and compliance officer, US Signal
Digital entities require trust and privacy
“Trust and privacy are the cornerstones of security. Security does not necessarily imply obscurity and withholding – a society just won’t work in such a world. For society to work, physical entities need to trust each other and ensure privacy. You can’t go to a doctor and not tell the doctor about what is bothering you because you fear the doctor will not respect your privacy. You trust the doctor.

“Now phase shift to today, where a doctor is using a digital assistant to capture notes, and you are using web and mobile interfaces to interact with the doctor. Now there are digital representations of physical entities in play (digital assistants, web and mobile apps) that need to afford the same (if not higher) levels of trust and privacy to you and the doctor.

“Systems will need to change soon to accommodate this status change of digital entities. Digital entities will become at-par with physical entities, and as such, the social contracts as we know them will need to change to ensure the trust and privacy boundaries across humans, systems and data are upheld.”

- Setu Kulkarni, vice president, corporate strategy, WhiteHat Security
A role for automation in protecting data assets
“Data Privacy Day serves as a reminder to remain proactive in protecting and managing your data. The only way to ensure that your business and customers are protected, and remain compliant with any regulations is to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to understand its usage. In addition, to further data protection and comply with subject access requests, data must be stored in a location with fast and adaptable extract capabilities.

“This is particularly challenging for organizations with a large number of data sets, where manually processing all of this information effectively can be time intensive, and error-prone. This is where automation comes in – data infrastructure automation can help companies ensure all data is adequately tagged, ensuring data is identifiable, auditable and quickly retrievable. This can help companies prove their level of data privacy compliance to regulators and customers.”

- Neil Barton, chief technology officer, WhereScape
The role of government in protecting data privacy
“Data privacy was a hot topic in 2018, and that trend is expected to continue in the coming months. Over the next year, I believe we will see the first sign of government control over large internet service companies. Organizations such as Google and Facebook still don’t seem to understand what privacy means. I think we will actually see some form of legislative control being put forward or even break-ups considered.”

- Stephen Gailey, solutions architect, Exabeam
Old systems and solutions are no match for modern threats and vulnerabilities
“All businesses know by now that they need to prioritize data protection – there’s certainly enough headline scare stories of data leaks, outages and ransomware attacks that should have persuaded them over the past year. Adding to this is the modern consumer perspective of ‘there’s no excuse for downtime, or the loss of data.’ Businesses need to be focusing on ensuring they are resilient against the many threats facing data today, to prove to their customers they are taking data protection seriously.

“The adoption of the latest technology, with innovative new approaches, has led to this number of both planned and unplanned disruptions in a business rising. Combating this means companies need to start looking outside of traditional backup capabilities to keep the business online; they need to choose a modern, resilience approach that can utilize continuous data protection.

“This, paired with the ability to orchestrate and automate the mobility of applications to the ideal infrastructure, will enable businesses to have more than just their customers’ data protected. Organizations will become completely IT resilient, protecting data, infrastructure and reputation – without the downtime.”

- Steve Blow, tech evangelist, Zerto
Vulnerable data goes far beyond obvious digital sources
"People mostly think of data privacy from a perspective of content that is already digitally accessible, but one of the risks that is not discussed enough is the amount of data that's exposed and vulnerable because it's stored on paper or exiled in data sources like backup tapes, optical media, hard drives and even microfilm.

“Data Privacy Day should be a reminder to legal, financial services and other global industries that they must take steps to digitize and extract personably identifiable information in these less-than-accessible data sources and automate reporting for compliance with SOX, GDPR, the California Consumer Privacy Act and other regulations.”

- Alex Fielding, interim chief executive officer, Ripcord
Data backup goes from good idea to compliance mandate
“Data Privacy Day serves as a significant reminder to the technology industry that securing your data is of utmost importance. As more organizations are moving their workloads to edge and hyper-converged environments, companies are looking to protect and recover these workloads.

“Backup and disaster recovery used to simply be good business practices. Now, for many industries, they are a big part of regulatory compliance. Data is more valuable than ever before and how data is managed and protected is increasingly being regulated by law. Platforms that include a variety of backup and disaster recovery features including snapshots, replication, failover, failback and cloud Disaster Recovery-as-a-Service are key.”

- Alan Conboy, chief technology officer, Scale Computing
Students Attend Coding Class At The First Code Academy
Staff education is as important as security investments
“The notion of data protection might be starting to sound repetitive, but it is still top of the business agenda. IT security threats come in all different shapes and sizes, and just as quickly as we put up barriers, cyber criminals find new ways to break through. Businesses need to have confidence in their recovery strategy; relying alone on the traditional ways of backing up data is not sufficient.

“Organizations need to ensure everything is protected including the data, finances and the organization’s reputation. Threat detection software is only half the battle, keep in mind ‘what if any attack succeeds?’ and ensure there is a second line of defense in place that can offer a comprehensive range of security features, from encryption through to backup, hardened archiving, and recovery. Alongside product investment, take the time to educate employees on the latest threats, which in turn will build confidence.”

- Gary Watson, chief technology officer of StorCentric and Founder of Nexsan
data priv 1.jpg
When trusted with data, protection is the most important task
“Over 2.5 quintillion bytes of data are created each day. This pace will only continue to accelerate as automated cars, sensors, drones and the Internet of Things (IoT) introduce new formats at a rapid-fire pace. Clearly, we are in store for an information-infused future. This data is to a business or to an individual, as blood is to the body. Its foundation: trust.

“Banish data, or the trust to protect it, and the world falls apart: all commerce would cease; bank accounts would have zero balances; planes would fall out of the sky; cars would halt in their tracks; power and water would stop flowing. Data, business and life are inseparable, and as indispensable as water, air and electricity. More profoundly, data and systems are so advanced that we can begin to see our human and cognitive form in our own digital data trails. Every day we are building, brick by brick and bit by bit, a digital copy of ourselves, whether we are aware of it or not.

“The nature of the data has changed, as today’s data goes well beyond what you can find in the phone book of a decade ago. In this digital era, your modern data now includes your behaviors (friends list, what you read, pictures, a recording of all your phone calls, etc). But what is the real difference when a bad actor steals 135 million people’s data from a credit aggregator or when a social media company sells 85 million people’s data to a political consulting firm? The actors are different, but the consumer impact is the same. Trust is broken. Whether it be governments, individuals or businesses, when trusted with data, it is job Number 1 to defend and protect that which is entrusted. This trust transcends products or services.”

- Mark Barrenechea, chief executive officer, OpenText
data priv 2.png
New technologies make the job of data protection easier
“Data Privacy Day shines the light on how data is fast becoming the new currency of our economy, which makes how well we manage and protect it a central consideration. The majority of corporate networks are still not fully equipped to manage this change. Most depend on perimeter based security architectures connected by wires.

“However, forward thinking CIOs are taking a more uniform approach to securing their data in transit by using a range of new technologies to transform their WANs, including 4G & 5G LTE, cloud-based management and orchestration, software-defined WAN (SD-WAN) and zero trust IoT network architectures. These technologies enable companies to build self-optimizing and self-repairing WANs that can provide the connectivity, agility and availability they need – all while meeting the security standards that are essential for GDPR compliance.”

- Todd Kelly, chief security officer, Cradlepoint