Comply and Protect: The Data Security Rulebook

KEY TAKEAWAYS

Security teams will have to step up their game to meet new data protection regulations and keep pace with heightened cyberthreats.

It’s crucial for organizations to ensure their data security practices are keeping pace with heightened cyberthreats. While some organizations may have tried to get by without dedicating the full range of necessary resources to address cloud vulnerabilities, they’ll find these issues have only expanded without the proper amount of attention.

Organizations must understand how recent breaches have reinforced the need for continuous air gap protection for any volume of data. They must heed new regulations for data security in the cloud, especially if they hope to qualify for cyber insurance. They will also need to audit data trails company-wide to guarantee that valuable information does not get into the wrong hands. These issues will be at the core of the online security landscape as we move forward.

Reverse Engineering the Latest Breaches

From Uber to Rackspace to LastPass, 2022 has had no shortage of harmful breaches. In the rush of responding to ransomware and taking stock of the data stolen, we often neglect to consider the most important question — what could have protected this company?

These breaches have made it abundantly clear that organizations can no longer afford to store backup data and primary data under the same enterprise security sphere. An air-gapped solution is crucial to avoid breaches, exfiltration and ransomware, which have become commonplace in the cloud. Individuals must buy into shared responsibility — realizing that they have a duty to secure their own data.

To be clear, simply maintaining copies of your data in a different account or region does not constitute an air gap. The data needs to be encrypted and vaulted, resident on immutable storage, secured with a different set of keys and monitored continuously. Basic cybersecurity practices alone will not suffice. Preventing data breaches requires intentional and thoughtful data protection, and these cloud backup breaches from such well-known companies have shed light on how essential it is to air-gap critical data outside of an organization’s access control domain.

Compliance in the Cloud — A New Era of Data Security

New pushes for compliance will cause seismic waves across tech industries in 2023. As organizations scramble to certify that they’re up to the standard, every sector will have to take proactive steps to accommodate the unforeseen levels of data protection spurred by these regulations.

In particular, there’s a new rulebook for the EdTech industry — one that will demand new priorities for players in the space. Given the endorsement by President Biden to expand COPPA (Children’s Online Privacy Protection Act) to children up to age 16, there are major shifts on the horizon for those who facilitate children’s participation online. Securing the online world for its youngest members is crucial, and compliance on the part of EdTech will be a requirement as this legislation advances.

The developing landscape of data security will extend far beyond the purview of EdTech, however, reaching across the board to dictate new regulations for cyber insurance for financial services, healthcare, manufacturing and other critical industries. As traditional organizations become more tech-centric, they will have to document their compliance with a dizzying number of new data regulations — from ISO 27001 to HIPAA to GLBA to SOC 2. These new parameters will shape data practices well beyond the new year.

Greater Protection of Vulnerable Online Data Trails

Considering the simplicity the internet and cloud have brought to daily living, it’s easy for organizations to fall into a false sense of security. It’s only when data is preyed upon — such as in cases of ransomware — that data trails become top of mind.

As 2023 progresses, we’ll see teams pay closer attention to the data trails that careless cloud storage and additional web browsing create and leave vulnerable to the next attack. Most notably, this includes financial and personally identifiable information (PII). As our online world grows, so does the sensitive information stored on it. With that continuing growth of data, companies must wake up to the cyberthreats that data trails are exposed to and begin to enact strategies to protect this information before it’s too late.

To maintain a proactive security posture, it’s critical to map out possible threats and fortify response mechanisms ahead of any complication. Not only will this strategy better protect sensitive data, but documentation of enhanced security practices will be required by customers and regulators.

The velocity of our online universe is only increasing and, in the new year, security teams will have to stay on top of their data security strategies in order to counter online threats effectively.

Mike Haas

Mike Haas is the Chief Revenue Officer at Clumio. Mike has spent the last decade building world-class go-to-market teams, most recently leading the Americas for Lacework where he grew the ARR from less than a million to over $100 million. Prior to that, Mike was in sales leadership at Cybereason and Fuze. Mike is driven by helping enterprises to achieve key business initiatives with cloud technologies.