As post-pandemic economic recovery continues to drive rapid acceleration in digital transformation, documented data breaches and service disruptions caused by cybercriminal activity have become an unwelcome part of our daily news feed. In spite of the regulations and compliance requirements that have been mandated across various industries and jurisdictions, the outcome seems to continuously drift toward the inevitable breach of controls, trust, and ultimately, loss of data. It is widely assumed that getting breached is no longer preventable, which has prompted regulators to shift their attention to response strategies as well as to timely disclosure of such breaches.
Should organizations simply wave a white flag and surrender? Absolutely not! Organizations must continue to develop extensive strategies to double down on their security controls by understanding that data breaches are a symptom of a gap in controls and accountability that are geared to specifically reduce the risks of data breaches and service disruptions.
The pandemic-driven acceleration of digital transformation has further underlined the value of the data which now underpins global economies. Various mandates on compliance and governance for data protection have focused on a singular aim – to reemphasize the significance of achieving accountability across all spectrums of data lifecycle management. Thus, the objective of organizations is to ensure that they continuously demonstrate accountability and control of data when it is in motion and at rest to ensure sufficient data governance.
Organizations can simplify their compliance, privacy and security requirements by looking at accountability from a focused perspective. Accountability drives the clear understanding of what needs to be safeguarded, who is responsible for ensuring that there are adequate controls in place to achieve the safeguarding, and continuous validation that the controls are indeed working to safeguard sensitive data.
Organizations often mistake data accountability for a security technology problem. They wait for security teams to handle the risks without considering alignment to overall business objectives, competitiveness and, in extreme cases, survivability. However, the dramatic growth in the number and frequency of data breaches that we continue to witness illustrates that it has become burdensome for organizations to develop a cohesive strategy to meaningfully address risks attributed to lapses in data lifecycle management.
Security of data is directly underpinned by accountability. Throughout the data management lifecycle, visibility into design, implementation, storage and usage of data needs to be driven by a security-first approach. This approach ensures that there are no blind spots in data management to account for where sensitive data resides, who has access to such data from both the custodian and user perspectives, and lastly, how the data is consumed. Developing an agile data protection program brings accountability into focus and allows organizations the means to meet their obligations with full traceability into:
As illustrated in why accountability is important to a security program, those efforts invariably lead to the ability to develop a robust ‘Privacy Program’ that lessens the burden of privacy regulations on an organization. With the proliferation of data in a digital-centric world, the boundaries of data as strictly a business property have diminished. With a central focus on the question of who owns the data, the rights of users now sit at the core of digital transactions. Consequently, we now have Privacy Laws from various sovereign states that require organizations to foster data programs that put accountability to users at the center of data traceability.
To summarize privacy requirements, organizations need to be able to account for the following:
1. Where is the users’ data?
2. Give users control over their data
   a. Request for removal of data
   b. Ability to rectify their data
   c. Option to restrict access to their data
3. What is the data used for?
Data traceability poses several challenges for organizations on the technical logistics side. Organizations must first know where customers’ data resides, understand the processing of such data, and provide users the ability to control the data. Even when an organization has reached the maturity required to align its security and privacy obligations to its business strategy, meeting those requirements is no trivial task. This is where partnership with Imperva makes the difference by giving organizations full visibility across their data landscape, accounting for usage of the data and enforcing security controls over data operations.
The large enterprise bank in this use case is a global commercial banking firm. It has been going through revitalization of its business through strategic acquisition of regional banks in Europe and Asia to expand its global footprint, as well as creating a virtual banking platform in a shift toward digital-first to better serve its customers.
As the bank seeks to align its global business objectives across vast jurisdictions, lack of visibility into data usage has been identified as an immediate challenge impeding its ability to meet compliance and regulatory obligations. To address this risk, the large enterprise bank seeks to consolidate its approach to data management through targeted initiatives.
To achieve these goals, the bank aims to create an expansive framework that will help the business streamline its data management practices and standardize its procedures to continuously achieve compliance, address data privacy and secure data regardless of jurisdiction.
The bank has developed three key areas of focus:
Imperva was consulted to assist the large enterprise bank with its strategic goals to enhance its data governance. Imperva provides an enterprise security platform for data management with an automated framework to ensure security and privacy requirements are embedded into all stages of the data lifecycle. This approach simplifies the bank’s ability to meet its compliance and regulatory obligations while enhancing its data security posture across all jurisdictions through a framework that brings accountability into all facets of data usage across the organization.
For this large enterprise bank, Imperva provided: