Security Review - July - September 2021

Achieving Compliance Can be a Challenging and Nuanced Process

Mujtaba Mir, the Senior Sales Engineer of META at Barracuda Networks, speaks about the requirements for data security and compliance

How has the need for data security and compliance changed over the past year?

There has been a significant change, with the majority of organisations going from having no formal guidelines in place, to now having clearly defined data security policies. This of course has been a result of the changes in workforce dynamics that we have witnessed over the last 15 months. As people begin to work outside of traditional IT perimeters, they don’t have the same protections as before, while still requiring the same, if not greater, collaboration and communication capabilities. This has fuelled a growing interest in Cloud Access Security Brokers (CASBs). And of course, Data Loss Prevention (DLP) remains a fundamental requirement. At Barracuda, we are currently running the public beta of Barracuda Data Inspector, our cloud solution which offers advanced data protection features such as data classification, data interaction, and policy enforcement.

Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?

A key mandate, especially for government entities and organisations that manage sensitive customer information, is that data remains in-country throughout its lifecycle. This has had implications on whether or not regional organisations can utilize cloud services, and the third-party service providers they can work with.

There are of course specific frameworks that organisations in the region must be aware of and these depend on where these businesses choose to operate. For example, in Dubai, businesses might have to comply with the DIFC Data Protection Law No.1 of 2007 and the 2020 Law, whereas in Bahrain, they would be required to follow the Personal Data Protection Law (PDPL) which was announced in 2018.

What according to you are the five tips that companies need to follow to comply with data security regulations?

While the specific requirements that need to be fulfilled can vary depending on the framework, there are broad criteria that organisations should have in place – both in order to meet regulations and to strengthen their security posture. Perhaps most importantly, they will need to ensure their data is securely backed up and replicated in an offsite holding location such as a disaster recovery site. Data classification is also important as this helps determine how information is stored, transferred, and accessed. Since meeting the various criteria required to achieve compliance can be a challenging and nuanced process, it is likely that organisations would need to engage the help of systems integrators that specialise in compliance. Whereas vendors would be able to address specific requirements of the framework, the broadscale expertise of a systems integrator best positions them to address all areas of the undertaking.
