How Compliance Officers Can Get Some Much-Needed Rest


In this special guest feature, Peter Duthie, Co-CEO and Chief Architect for Ground Labs, discusses how to address data security at the C-suite level and why data discovery initiatives are the best way to combat security challenges and remain compliant. Peter drives the company’s future innovation. He created the foundational technologies that empower Ground Labs’ customers to discover, identify and secure all of their sensitive data. Peter also assembled the engineering team that created Ground Labs’ solutions for its enterprise and SMB customers. He is currently based in Austin, Texas, at the company’s North American headquarters. A graduate of the University of Sydney’s computer science program, Peter holds multiple patents related to the acceleration of malware security applications through pre-filtering.

The recent implementation of compliance regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), has made compliance more important than ever in today’s fast-evolving digital ecosystem. These regulations have given consumers more control over their personal data and helped hold organizations accountable for how they use and share data — making compliance essential to the success or failure of an organization.

With these regulations in place and potentially more on the way in the coming years, it’s vital that Compliance and Chief Risk Officers know where all customer and organizational data lives within their organization’s network, both on-premises and in the cloud. Without this information, businesses are putting themselves at risk of data breaches that can cost millions of dollars in fines and lost revenue from losing customer trust.

Detecting where an organization’s data lives seems simple, but 97 percent of companies are investing in big data and AI, with some failing to know where all that information is being stored, shared or, worse, stolen from. As all organizations continue to shift towards a focus on big data, they’re using agile data software such as Hadoop and Apache Spark to analyze and store their data. This has turned data security into an afterthought compared to traditional data storage environments. How can Compliance Officers counteract this and get some much-needed peace of mind?

Gain Insight into Where Data Resides

In the first half of 2019, data breaches exposed 4.1 billion compromised records as a result of organizations prioritizing the security of only a fraction of the sensitive data they have access to. Failing to realize that bad actors can access and take advantage of unknown data or data that may seem harmless puts businesses on the defensive. With the hopes of achieving transparency within the organization, Compliance Officers should conduct a complete data sweep of all devices on the network.

Because data is created and stored at a speed and scale never seen before, having an understanding of where it lives, what it contains and who has access to it is the best way to keep it secure. As data comes through sanitized sources and into an organization’s big data environment, it’s subject to analysis across a multitude of places and tools, leading to the dispersal of personal data across servers, workstations, databases, email and backup systems. All this information is nearly impossible to track without the use of automated tooling systems that can efficiently and effectively track down and identify where the data has spread.

One thing Compliance Officers need to keep an eye on is where employees store classified documents: is it in a personal file or on a desktop? Could it be in email or in SharePoint? How are HR teams storing employee data and where? Knowing the security posture of the business is the best way to gain key insights into where data resides and how to prioritize data management, putting organizations on the offensive side of security and data discovery.

Employee Education and Training

On top of regular reporting and transparency, taking the time to educate organization leaders and employees about data security regulations is key. Compliance Officers can support and ensure the security of their data management strategy by teaching all employees how to think and act critically. For example, training courses and resources on how to question and look out for suspicious emails by checking sender email addresses, grammar and spelling can all reduce the risk from phishing threats. Just as critical is educating employees about the decisions they make with company data – and personal data on company systems. Where they store all types of data, whether it’s addresses, emails or Social Security numbers, and who they share it with both have a direct impact on the success and security of the organization.

With 90 percent of data breaches caused by human error, teaching employees about data security can go a long way to avoid disaster. This goes for organization leadership as well: ensuring that leaders consider how they treat data is the first step to organizational change and protection. Of course, even with these types of training in place, Compliance Officers still need to be prepared for a breach and have a crisis plan in place that can limit downtime and mitigate additional risks.

Constantly Assess and Audit Security Tools

In 2020, organizations should expect to increase their cybersecurity spending, with some executives predicting increases of up to 25 percent. Combine that with the fact that some organizations already have an average of 80 security vendors’ products in place, and the result is a bloated cybersecurity budget.

By assessing the success of these tools and auditing the entire security stack, Compliance Officers can discover what solutions are working well and which tools have been ineffective, outdated or ignored. Identifying overlapping tools is a great way to eliminate tools and reduce spending where possible.

Staying on top of what security solutions are being used and how they relate to the overall budget will help Compliance Officers make the right investments when it comes to technology and hopefully reduce the number of security vendors they need to monitor and rely on.

When it comes to data security, there are no guarantees, but having the right tools in place and a plan to deter attacks is a good starting point to avoid the loss of millions of dollars and customer trust that a breach can cause. This starts with discovering where all of an organization’s data lives and who has access to it. Once all sensitive data has been located, Compliance Officers need to consistently educate employees and leaders on what they’re seeing in the market and audit their security tools accordingly. By following these practices, maybe Compliance Officers can finally get some rest.
