INTERVIEWS
Data Security and Data Privacy Are Two Separate Elements Haider Muhammad, the Community Manager for MIddle East, Turkey and Africa Community Sales (EMEA) at Milestone Systems, speaks about how newer techniques to be built to ensure data security How has the need for data security and compliance changed over the past year? Technology has been changing rapidly over the past few years. Digital transformation has fueled the rapid acceleration of new technologies like cloud computing, Software-as-a-Service (SaaS) applications, Internet-of-Things (IoT), and computing by Smartphone apps. Over the last year, the pandemic led to organizations rushing to enable their staff to work from home or remotely where possible. This meant investing in Virtual Desktop Infrastructure (VDI) and Desktop as a Service (DaaS) applications. We also have a lot of people working from home on their personal devices. With the lack of movement, online shopping and eCommerce increased. All these activities heightened the security risks. You can see that, unlike earlier, the digital touchpoints of accessing data have suddenly exploded. Earlier staff were accessing only from the office, and now, there are multiple points. The sudden move to a virtual office has led to inadequate security practices and a lack of awareness and costs of securing devices leading to data security risks. Companies have had shortfalls in implementing adequate security measures and compliance policies. What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance? We would recommend the following measures for organizations to keep their data secure. Awareness plays a significant role. Employees need to undergo security training to avoid lapses from their part. Some of the tips would be: • Organisations must ensure security awareness training periodically for all the staff about various threats • Organisations must mandatorily implement policies so users will be forced to change their passwords • Use and update antivirus and anti-malware software when needed • Ensure your operating systems are always up to date and update with newer security patches and updates
•
• •
from manufacturers Employees must avoid oversharing their screens. During online meetings, they should be extra cautious when sharing their screen Beware of phishing Do not acquire or use work-related IT equipment without an agreement with your own organisation.
In the case of Video Management Systems (VMS), it needs a few extra measures as follows: • Awareness: Ensure broader awareness of the need for a secure VMS • Hardening: Tighten up your Video Management Systems (VMS) as part of an ongoing and dynamic process designed to ensure robustness • Training: Educate users and colleagues on Best Practice in system set-up, installation, and use • Privacy: Maintain a ‘culture of privacy’ by ensuring that the system is compliant with local data privacy regulations. • Regular updates: Keep systems up to date with the latest drivers, patches, and fixes to stay ahead of any hacks Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow? There are no specific laws governing the processing of personal data by public sector institutions in the UAE. However, we take personal data very seriously and handle it in the same manner that we would with other countries with laws. In Europe, GDPR is playing a leading role. European Union initiatives protect data in cloud scenarios, e.g., Screms II, which we follow closely to sense early impact for Milestone, our customers, and partners. Another example is GDPR Guidelines and local implementation of rules for storage of video feed. What, according to you, are the five tips that companies need to follow to comply with data security regulations? Companies need to understand that data is a sensitive matter and data privacy matters. There can be legal damages in case of non-compliance.
// SECURITY REVIEW | JULY-SEPTEMBER 2021
24
We would advise customers to look at data in the following ways that will help them become compliant with data security regulations. Data Analysis: Organizations need to understand the kind of data processed. Depending on the type of personal data, there are different principles to follow. In short, the more sensitive the data is for the data subject, the better you need to protect it, and the more specific you need to be about what you are using it for. Do you believe the line between data security and data privacy has started blurring? I would say Data Security protects data from compromise by external attackers and malicious insiders. Data Privacy governs how data is collected, shared and used. There are data encryption techniques in place that protect data at rest and data in motion. For example, your credit card data is stored securely and is not visible to your e-commerce stores. In the field of video technology, there are also plenty of solutions with the ability to anonymize data through meta data aggregation, privacy masking, data purging and much more, and thereby video tech can help keep people safe without compromising data privacy. Continuously, newer techniques are being developed to strengthen data privacy further. Data security techniques are also advancing against new threats, and it is an ongoing process. We can minimize breaches with user awareness and advanced data security techniques. I believe data security and privacy complement each other to mitigate risks and build a strong foundation of trust in the accelerating digitalisation of society.
