Achieving Compliance can be a Challenging and Nuanced Process
Mujtaba Mir, the Senior Sales Engineer of META at Barracuda Networks, speaks about the requirements for data security and compliance
How has the need for data security and compliance changed over the past year?
There has been a significant change, with the majority of organisations going from having no formal guidelines in place, to now having clearly defined data security policies.
This of course has been a result of the changes in workforce dynamics that we have witnessed over the last 15 months. As people begin to work outside of traditional IT perimeters, they don’t have the same protections as before, while still requiring the same, if not greater, collaboration and communication capabilities.
This has fuelled a growing interest in Cloud Access Security Brokers (CASBs). And of course, Data Loss Prevention (DLP) remains a fundamental requirement.
At Barracuda, we are currently running the public beta of Barracuda Data Inspector, our cloud solution which offers advanced data protection features such as data classification, data interaction, and policy enforcement.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
A key mandate, especially for government entities and organisations that manage sensitive customer information is that data remains in-country throughout its lifecycle.
This has had implications on whether or not regional organisations can utilize cloud services, and the third-party service providers they can work with. There are of course specific frameworks that organisations in the region must be aware of and these depend on where these businesses choose to operate.
For example, in Dubai, businesses might have to comply with the DIFC Data Protection Law No.1 of 2007 and the 2020 Law, whereas in Bahrain, they would be required to follow the Personal Data Protection Law (PDPL) which was announced in 2018.
What according to you are the five tips that companies need to follow to comply with data security regulations?
While the specific requirements that need to be fulfilled can vary depending on the framework, there are broad criteria that organisations should have in place – both in order to meet regulations and to strengthen their security posture.
Perhaps most importantly, they will need to ensure their data is securely backed up and replicated in an offsite holding location such as a disaster recovery site. Data classification is also important as this helps determine how information is stored, transferred, and accessed.
Since meeting the various criteria required to achieve compliance can be a challenging and nuanced process, it is likely that organisations would need to engage the help of systems integrators that specialise in compliance.
Whereas vendors would be able to address specific requirements of the framework, the broadscale expertise of a systems integrator best positions them to address all areas of the undertaking.
Roberto Maranca, the Data Excellence VP at Schneider Electric, speaks about data security and compliance
How has the need for data security and compliance changed over the past year?
The more COVID accelerates the digital transition, the more the resilience risk coming from digital operation escalates in a company’s risk profile, so I think at the very least the awareness of what previously was focused mainly on Cyber risk, is comprehending data security and compliance.
The expectation on corporations around transparency and ethics has also accelerated possibly faster than the previous point as more digitally aware generations are gaining spending power and making employment choices.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
The simplest and most important practice a company can put in practice is to develop a detailed “situational awareness” of its own data. The emergent emphasis on data flow mapping, data catalogues and metadata repositories in general is not an accident: the clear view of the company’s data supply chains is a priceless, advantageous piece of intelligence to optimize data security measures and to minimize compliance risks.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
The simple and unorthodox answer would be “Loads!”. There has been an acceleration of regulations that are specifically posing obligations on companies around what they do with their data, so much so that not to be regulated in a certain country for a certain activity has become the exception. It is also noticeable that, although GDPR-like regulations have stolen a bit of the limelight, and justifiably so for the potential effect of digital and data on the individual right to privacy, with globalization sovereign states are realizing that data (all of it and not just personal data) is crucial to their economic, political and societal objectives and they are busy designing laws that will extend the national borders in the digital space. Global companies have to be ready to learn how to be global and sharing their data to be efficient and profitable in a world that will see a marked data protectionist phase, hopefully a transient one.
What according to you are the five tips that companies need to follow to comply with data security regulations?
• First tip: It might sound obvious but unwavering, resilient and personal commitment from the top is key.
• Second tip: As per the previous point, be on top of your data, wherever it is, whoever is using it for whatever purpose… Know your data supply chains.
• Third tip: Be on top of your third parties. A contractual clause about data security should be tested for effectiveness regularly and not just debated after a breach has happened.
• Fourth tip: If you approach regulation as a “project” you will fail. Regulatory response must add something to the DNA of the company, sustainably, and most crucially include dedicated resources.
• Fifth tip: Test, test, test for the worst scenario. Nobody is perfect and things can happen, but customers’ and employees’ trust can be rescued out of the most harrowing situations by having a very well drilled response to crisis, which should involve top management where appropriate.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Schneider Electric strongly supports the fundamental rights to privacy and data protection as well as compliance with national and international privacy laws. In the legal and ethical principles, "Our Principles of Responsibility", Schneider Electric commits to maintaining the confidentiality of any personal information and to strictly limiting any disclosure in accordance with local laws.
Do you believe the line between data security and data privacy has started blurring?
Personally, I think that they are complementary disciplines of the same subject, data. There is commonality of tooling, processes and capabilities, but there are also specific aims and skills involved to be successful at both.
BUSINESSES ARE NOT EQUIPPED TO DELIVER ON CUSTOMER EXPERIENCE: IFS STUDY
Businesses are missing out on a significant opportunity to fix internal processes and address the root causes of customer experience issues in the wake of the pandemic, research from enterprise software specialist IFS has today revealed.
The global study, which surveyed 1,700+ executives and 12,000+ consumers, uncovered that despite the majority of companies (66 percent) investing upwards of $250,000 each year evaluating the customer experience through Net Promoter Scores, reviews, and customer satisfaction surveys, 82 percent were unable to recall a single positive example of a recent frictionless customer experience—showing current customer experience processes do little more than wallpaper over the cracks.
While much attention is paid to customer service, the inflection points that occur throughout the lifecycle of an operation and encompass processes, technology solutions, and human coordination are even more important to business outcomes, yet even more frequently overlooked. Only by careful orchestration of these components can companies deliver a quality ‘Moment of Service’, in which everything comes together to create a positive result for a customer.
However, while 79 percent of businesses have invested time and resources in identifying where these inflection points are, when problems are identified nearly a third of managers (29 percent) admitted to reporting them but not taking action.
Furthermore, some 18 percent revealed they were too busy to report issues unless urgent, while just 15 percent said they proactively look to pre-empt problems.
This begs the question of how companies can expect customer experience and loyalty to improve without taking necessary action, leaving revenue and market share on the table.
With 90 percent of businesses stating they have reengineered or are reengineering their business to ensure customer touchpoints and stages come together for better moments of service, it is vital that companies ensure processes are optimized across each of these inflection points to mitigate issues and fuel growth.
For enterprises that fail at the moment of service, the financial ramifications are significant. A quarter of consumer respondents stated they would never engage with a brand again after just one bad experience, while over half (52 percent) would abandon a company after two to three.
IFS also sought to examine the impact of negative experiences on wider brand perception and uncovered that 58 percent of consumers are very likely or somewhat likely to share their negative perceptions with their network, highlighting how easily a bad interaction can be amplified.
However, it’s not all doom and gloom. Over half (52 percent) of consumers are inclined to leave a positive review, underscoring just how much can be gained by keeping an open dialog with customers and focusing on delivering an exceptional brand experience.
“When it comes to delivering a positive customer experience, businesses have a limited opportunity to get it right. And if they neglect a single inflection point, they are gambling with their outcomes, including profits and margins,” IFS Chief Customer Officer Michael Ouissi said. “There are many points where you can either delight or disappoint a customer across the value chain and it is clear from these findings that consumers are willing to voice their opinions either way. As more and more businesses look to service provision as a key competitive differentiator, running the right enterprise software—engineered for the moment of service and capable of orchestrating a multitude of people, assets and customers—will separate the winners from the losers."
“To achieve this, enterprises must rethink how they architect their operations, and become a ‘composable enterprise’ that harnesses a combination of packaged functions and technologies to deliver outcomes and adapts to the pace of business," Ouissi added.