INTERVIEWS
CISOs Can Provide a Long-Term Vision to Security

Amit Hooja, the CEO of NetGraph, speaks about how companies can stay compliant and keep their data secure.

How has the need for data security and compliance changed over the past year?

As more business is moving towards online interactions, threats are increasing on a daily basis and businesses have to work towards securing customers by keeping the data and privacy intact. Different industries and jurisdictions are drafting their own sets of rules, regulations and compliance requirements, and these are more or less similar to each other. However, some industries have higher needs for security, especially in the case of medical records, financial transactions, etc. Also, similar to GDPR, it is now evident that a lot more countries are moving towards creating their own sets of privacy rules.

What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?

In the current business environment, IT is of equal importance and must be given its due. One way to ensure that there is a tight-knit unit that works with every department would be to have a CISO in place who will be able to provide a long-term vision to security. Another area that needs to be a focus area is that the appropriate policies are set on data management and how the process will work in terms of handling customer data. Besides, organizations should be able to identify data access groups and what level of data is accessible and transferred between departments. One of the most crucial ways to ensure data security would be the usage of encryption wherever personal or sensitive data is stored. This must be fortified with encryption keys that have limited access.

Are there any regional data compliance regulations and frameworks which companies that handle large amounts of public data need to follow?

What we see here in the UAE is that some entities have their own public data regulations, and most public data would fall under the general criminal law. Businesses are also equipped to comply with the GDPR requirements if applicable. However, there is an increased awareness of data privacy and it is being given priority treatment as more and more customers are aware of how their data is being stored. Should there be any data breaches, it would cost the company a major loss of revenue as well as reputation.

What, according to you, are the five tips that companies need to follow to comply with data security regulations?

• Know your data flow - who owns what and who deals with what data and for what purposes
• Data flow should be encrypted in whatever channels it goes through
• Access keys should be guarded and provided only for the level of data access needed
• Big format exports should be rare and audited
• Integration and API should be well audited
• Disclosures to users based on country of jurisdiction

Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?

Compliance has been gaining traction across the globe and, as Managed Security Service Providers, we are aware of the increasing need to strengthen our customers' data protection posture. We provide a set of services that will help in establishing strong processes for data management, setting encryption in place for sensitive data, determining the eligibility and type of data available to different people across the organization and also providing airgap and time-based access on data whenever needed.

SECURITY REVIEW | JULY-SEPTEMBER 2021