Integrated Cybersecurity Solutions Can Help Companies Protect and Monitor Data

Emad Fahmy, the Systems Engineering Manager for Middle East at Netscout, speaks about what companies need to do when they handle large amounts of data

How has the need for data security and compliance changed over the past year?

Data security and compliance have evolved in the role they play in our everyday lives. Both are critical factors for consumers to trust the business entity that they provide sensitive personal data to. As cybersecurity attacks increase, the spotlight is firmly fixed on data security and compliance moving forwards. According to our Threat Intelligence Report in 2020, there were over 10 million DDoS attacks taking place alongside rising rates of ransomware attacks and data breaches. Even though data security has been a recurring and critical topic for a while, the increased reliance on the use of virtual solutions and platforms we have witnessed during the past year has made this a priority.

What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?

As companies struggle to maintain and achieve data security and compliance, their digital transformation journey has propelled them into the more challenging task of managing and tracking data company-wide. Data management best-practice is to put in place clear and defined procedures that support and manage data compliance activities. One of the best ways businesses can protect and monitor data across their organization is through an integrated cybersecurity solution.

At Netscout, we choose to apply three types of safeguards to assure our client’s data is protected:
• Technology safeguard, which is done through the application of anti-virus and encryption and the continuous monitoring of our system and data center to ensure compliance
• Organizational safeguards, through the training and awareness of our resources to make sure that they are also applying personal data safety best practices
• Physical safeguards refer to securing access to facilities and regular destruction of personal data according to compliance policies.

Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?

Across the UAE, multiple authorities exist that look after data security and compliance regulations and set the standards to be applied by companies in the country. The National Electronic Security Authority (NESA) standards outline the requirements for appropriate implementation of security controls in order to safeguard information assets across all entities in the UAE. Complying with these standards allows the mitigation of identified information security risks and the implementation of efficient controls.

The Information Security Regulation (ISR) works along with the international compliance standards ISO 27001:2013. This regulation evaluates 12 domains among information security structure, ranging from management and governance to performance measurement.

What according to you are the four tips that companies need to follow to ensure data security?

We recommend using an integrated cybersecurity solution to maintain data security while remaining compliant. The main four tips we suggest as requirements for the implementation of an integrated cybersecurity solution are:
• The ability to classify and understand sensitive data in order to achieve visibility on different data platforms.
• The option to map identities to ensure the authentication of anyone logging into the system.
• The continuous risk analysis of sensitive data in order to simplify the tracking and prevention of data leakages.
• The planning and monitoring risk to protect data from unauthorized access by implementing automated orchestration.

Do you believe the line between data security and data privacy has started blurring?

With businesses facing rapid data growth across the enterprise as they embark on their digital transformation journey and individuals’ shift to a more virtual way of living, the line between data security and data privacy becomes increasingly blurred.

As large volumes of data are widely available today more than ever, we have to place high importance on managing and protecting data to avoid its misuse and ensure regulatory compliance and customer trust, making data security and privacy more important than ever before.

Security and Privacy Go Hand in Hand

Hyther Nizam, the President for Middle East and Africa at Zoho, speaks about how data privacy enables people to control the use and disclosure of their data, and lets them exercise their rights over it

How has the need for data security and compliance changed over the past year?

With remote working as a norm in the past year, more and more businesses are looking for cloud software to run their business.

The data is no longer residing behind the firewall. They now rely more on cloud software vendors, hence the need for strict data security and compliance has increased. You are as strong as the weakest link. It’s important to identify the weakest link, isolate it and have the right data security strategy in place to fix it.

What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?

Security should be the core foundation on which customer data has to be laid. It has to be thought through from the ground up, right from the first step of writing a piece of software code to selecting the network or data storage devices.

First, organizations should adopt a Zero Trust approach. Interestingly, trust is a key factor to retain employees, but in a security context, to retain customers we need to adopt a Zero Trust policy of not trusting anything to ensure customer data is 100% safe and secure.

Second, Bring Your Own Device (BYOD) policies should be clearly stated. This is a key area for potential data leaks. Third, become compliant to security practices and privacy laws. European Union's General Data Protection Regulation (GDPR) has become the gold standard for privacy.

Apart from GDPR compliance, companies should become ISO certified on Information Security Management System (ISMS) ISO 27001 series - 27001, 27017, 27018, 27701.

Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?

It’s important that companies that handle large amounts of public data follow the principles of Federal Information Processing Standards (FIPS) and GDPR, which can be set as a baseline for global privacy compliance. Many countries are following the core concepts of GDPR when drafting their privacy laws.

For example, South Africa has come up with the Protection of Personal Information (POPI) Act that follows in the footsteps of GDPR. It would be good if companies follow other key security frameworks like NIST and ENISA, which focus on cybersecurity.

What according to you are the five tips that companies need to follow to comply with data security regulations?

• Understand the assets and continually assess the threat landscape
• Continuous monitoring and audit
• Automate compliance wherever possible, even enable AI/ML based technology
• Adopt global standards and map local frameworks to it
• Standardize common practices so that deviations/anomalies can be observed easily

Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?

The first step is to set up a separate department in the organization to look after security, privacy and compliances. At Zoho, we created awareness, conducted training programmes and sensitized all employees on security and privacy.

For customers, we set up default security configurations wherever possible and provide options to them to configure or re-configure the settings according to their organisational requirements, especially providing controls to customers to define security parameters like access controls and encryption.

Do you believe the line between data security and data privacy has started blurring?

Security and privacy go hand in hand. Data privacy enables people to control the use and disclosure of their data, and lets them exercise their rights over it.

Data security provides security over user's personal as well as non-personal data such as confidential information and other business assets. Security is more often seen to enable data privacy, while more data privacy requirements encourage organizations to improve their security.

The good news is that more organizations are taking privacy and security seriously than ever before. Consumers are becoming more aware of privacy and surveillance issues and the potential risks that ad-based companies pose to their data. Privacy is no more perceived as a luxury but a necessity.

Thanks to privacy conscious companies like Apple. For example, in the latest update of iOS, Apple has introduced App Tracking and Transparency (ATT), where an app has to get explicit permission from the user to access location, microphone, contacts and photos. Such consumer awareness on privacy is accelerating the data privacy actions inside organizations.
