Data Security and Data Privacy Are Two Separate Elements
Haider Muhammad, the Community Manager for Middle East, Turkey and Africa Community Sales (EMEA) at Milestone Systems, speaks about how newer techniques are to be built to ensure data security
How has the need for data security and compliance changed over the past year?
Technology has been changing rapidly over the past few years. Digital transformation has fueled the rapid acceleration of new technologies like cloud computing, Software-as-a-Service (SaaS) applications, Internet-of-Things (IoT), and computing by Smartphone apps. Over the last year, the pandemic led to organizations rushing to enable their staff to work from home or remotely where possible. This meant investing in Virtual Desktop Infrastructure (VDI) and Desktop as a Service (DaaS) applications.
We also have a lot of people working from home on their personal devices. With the lack of movement, online shopping and eCommerce increased. All these activities heightened the security risks. You can see that, unlike earlier, the digital touchpoints of accessing data have suddenly exploded.
Earlier, staff were accessing only from the office, and now, there are multiple points. The sudden move to a virtual office has led to inadequate security practices and a lack of awareness and costs of securing devices leading to data security risks. Companies have had shortfalls in implementing adequate security measures and compliance policies.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
We would recommend the following measures for organizations to keep their data secure. Awareness plays a significant role. Employees need to undergo security training to avoid lapses on their part. Some of the tips would be:
• Organisations must ensure security awareness training periodically for all the staff about various threats
• Organisations must mandatorily implement policies so users will be forced to change their passwords
• Use and update antivirus and anti-malware software when needed
• Ensure your operating systems are always up to date and updated with newer security patches and updates from manufacturers
• Employees must avoid oversharing their screens. During online meetings, they should be extra cautious when sharing their screen
• Beware of phishing
• Do not acquire or use work-related IT equipment without an agreement with your own organisation.
In the case of Video Management Systems (VMS), it needs a few extra measures as follows:
• Awareness: Ensure broader awareness of the need for a secure VMS
• Hardening: Tighten up your Video Management Systems (VMS) as part of an ongoing and dynamic process designed to ensure robustness
• Training: Educate users and colleagues on Best Practice in system set-up, installation, and use
• Privacy: Maintain a ‘culture of privacy’ by ensuring that the system is compliant with local data privacy regulations.
• Regular updates: Keep systems up to date with the latest drivers, patches, and fixes to stay ahead of any hacks
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
There are no specific laws governing the processing of personal data by public sector institutions in the UAE. However, we take personal data very seriously and handle it in the same manner that we would with other countries with laws. In Europe, GDPR is playing a leading role. European Union initiatives protect data in cloud scenarios, e.g., Schrems II, which we follow closely to sense early impact for Milestone, our customers, and partners. Another example is GDPR Guidelines and local implementation of rules for storage of video feed.
What, according to you, are the five tips that companies need to follow to comply with data security regulations?
Companies need to understand that data is a sensitive matter and data privacy matters. There can be legal damages in case of non-compliance. We would advise customers to look at data in the following ways that will help them become compliant with data security regulations. Data Analysis: Organizations need to understand the kind of data processed. Depending on the type of personal data, there are different principles to follow.
In short, the more sensitive the data is for the data subject, the better you need to protect it, and the more specific you need to be about what you are using it for.
Do you believe the line between data security and data privacy has started blurring?
I would say Data Security protects data from compromise by external attackers and malicious insiders. Data Privacy governs how data is collected, shared and used. There are data encryption techniques in place that protect data at rest and data in motion.
For example, your credit card data is stored securely and is not visible to your e-commerce stores. In the field of video technology, there are also plenty of solutions with the ability to anonymize data through metadata aggregation, privacy masking, data purging and much more, and thereby video tech can help keep people safe without compromising data privacy.
Continuously, newer techniques are being developed to strengthen data privacy further. Data security techniques are also advancing against new threats, and it is an ongoing process. We can minimize breaches with user awareness and advanced data security techniques. I believe data security and privacy complement each other to mitigate risks and build a strong foundation of trust in the accelerating digitalisation of society.
Nezar Edwan, the Regional Accounts Manager for Saudi Arabia at Infoblox, speaks about data security and compliance
How has the need for data security and compliance changed over the past year?
The COVID-19 pandemic accelerated digital transformation and drastically changed the way things are done and our daily lives. This has imposed a massive impact on the data and data security, making it more challenging to safeguard it from corruption and unauthorized access by internal or external sources.
At the same time, the importance of securing data has grown more critical, as organizations who suffer breaches also suffer financial loss, reputation damage, consumer confidence disintegration, and brand erosion. Furthermore, new government and industry regulations around data security make it imperative that organizations and companies achieve and maintain compliance with these rules wherever they do business.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
With the evolution of technology and networks, several security standards and frameworks exist which address different cyber security needs and business sector requirements. So, there’s no single best security standard or framework, as each serves a specific purpose and is designed to address certain gaps and issues.
However, ZTNA is becoming very popular today, especially with digital transformation and the adoption of modern work styles such as WFA, WFH & BYOD, as well as SASE, an emerging cybersecurity concept that Gartner described in the August 2019 report entitled ‘The Future of Network Security in the Cloud’.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
Locally within the Kingdom of Saudi Arabia, the National Cybersecurity Authority (NCA) introduced the Essential Cybersecurity Controls (ECC) after conducting a comprehensive study of multiple national and international cybersecurity frameworks and standards.
NCA developed the controls by reviewing legal and regulatory requirements, global cybersecurity best practices, analyzing cybersecurity incidents and attacks on government establishments, and considering the opinions of various prominent businesses around the country.
What, according to you, are the best tips that companies need to follow to comply with data security regulations?
Start simple by adopting a step-by-step approach. First, you need to understand your business and what security regulations apply to you. Then, identify how the digital transformation will affect you on the business level.
Next, determine the data and the assets that you own and what level of impact the transformation will have on those assets. Lastly, determine what conditions should be in place to gain access to your assets, and establish data access policies.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Infoblox is a technology leader in DNS security and enterprise-grade DNS, DHCP & IPAM (DDI). Many security regulations and frameworks such as ZTNA and NCA/ECC recognize the necessity of DNS security in emerging networks.
This is because the DNS control plane can provide a layer of foundational security and offers network administrators the ability to gain centralized visibility and control over all of your computing resources, following the tenets of Zero Trust. DNS can be a source of telemetry, helping to detect anomalous behaviour (for example, a device going to a server it usually doesn’t go to) and to analyze east-west traffic. DNS can also continuously check for, detect and block C&C connections. For every cloud and on-premise data center that your enterprise uses, DNS can be a centralized point of visibility and risk reduction.