Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time, the rate, depth, and impact of ransomware, wiperware and data breaches have become more intense and more expensive, and there is no indication that the trend will end soon.
Complying with privacy mandates, and preparing for and defending against a data breach, requires knowledge – it requires visibility.
What does that mean? To achieve visibility, an enterprise needs to increase its knowledge of key elements in its infrastructure:
See Your Network
Most C-level executives, other than chief technology officers and chief financial officers, have little knowledge of their network. But understanding what data is stored on the network, how the various parts of the network interact, and who has access to the network (and what kind) is essential to evaluating risks, complying with privacy laws, and preparing for and defending against attacks. This means not only knowing what is supposed to be on the network, but the “silent” nodes as well – things like unused servers and the devices that attach to the network, such as personal laptops, smart phones and tablets.
Part of knowing your network also means knowing what is happening on the network. Companies need to know when there is a threat, where it is, and how to contain it. Simply having firewalls and other endpoint security isn’t enough; it’s too easy for hackers to gain access to the network. Being able to “see” what is happening on the network in real time is what can allow a company to defend itself. When a breach is in process, speed is essential.
See Your Data
Surprisingly, many companies are not fully aware of the data they collect, save and process – but this is key to complying with data privacy laws. Companies need to know:
- What data does the company collect?
- What data does the company need to collect?
- How does the company collect data – directly from users, clients, and consumers, or through third parties?
- Where does the company store its data?
- How does the company use the data it collects – particularly personal information of individuals, including employees?
- Who has access to the data?