Data, simply put, is becoming the most valuable, yet most vulnerable asset for any organisation. Sam Emmanuel, Business Unit Manager, Gulf IT, shares insights into the evolution of data privacy and security strategies.
What are the most common missteps organisations take when it comes to data privacy?
Data privacy is a multi-facetted approach that organisations need to take to protect their data in corporate environments. A majority of today’s enterprises lack awareness towards this because traditionally they are used to looking at data security as a solution rather than an approach. The primary reason behind this is the change in the way data is being accessed across various datastores. Many organisations are adopting new methods to keep up with growing business needs, many of these procedures are dictated by the transformation in their approach to security as well. They need to understand that unless we keep up with the trends, we will always be catching up with the bad guys. Data security is not a one-off configuration but a constantly evolving strategy.
How can they implement strong data protection measures without sacrificing productivity in the workplace?
The success of any security strategy requires the involvement of all stakeholders within the organisation. Implementing data security in complex customer environments requires an active communication channel and we ensure that our customers understand this to ensure that they yield maximum returns. Implementing workshops around data security will go a long way in helping business and technical stakeholders to understand the critical pain points and in ensuring productivity is not hampered in the process.
What kinds of technologies and initiatives should organisations invest in to bolster data privacy measures within their organisations?
The first step towards fixing a problem is identifying the existence of one. Human error is the biggest reason for breaches and exposure. This points us towards the direction of minimising the impact of this element from the chain. Organisations need to take steps to ensure that there is a level of automation in the chain of command and that users are compliant. Solutions such as information rights management, configuration management tools, vulnerability management and application security are some of the essential solutions required. These tools help in setting the foundations of security strategies and maintaining uniformity of the security posture.
How has GDPR impacted regional businesses after it was implemented in May 2018? Do organisations in the region have a better understanding of this regulation now?
GDPR was a defining point in the information security world because of its global implications. I feel even though we knew it coming, the preparations weren’t ideal, and people are still just catching up to it even today. Understanding about 160 requirements of GDPR has been a significant challenge for many businesses, especially with the local market dynamics.
Since the enforcement of the GDPR penalties is being delayed, people are still trying to comprehend the finer implications to ensure they meet the legal and technical requirements. We are trying to spread the awareness among the customers to ensure that their data security polices include the GDPR regulations as well.
Are the existing regulations aimed at data protection and privacy enough? If not, what do you think is lacking the regulatory space?
The current data protection frameworks and regulations are designed to address the major security gaps in most enterprises. But every organisations’ risk for data exposure differ depending on their business requirements, hence, there is a need for customised strategies. One size does not fit all. There is a need for the technical stakeholders to be on the same page as the business owners to define such strategies to safeguard their data.
Even though the regulations address most of security gaps there needs to be a shorter revision cycle for the regulations to keep up with the speed of changing cybersecurity space keeping in mind the trend of the breaches that have been taking place.
As an IT security distributor, how is Gulf IT promoting the importance of data privacy within enterprises? What kinds of offerings do you have in this space?
Gulf IT has been a pioneer in the VAD space in the region. For us, it has never been about the product but about the data security strategy. The customer preference for Gulf IT is primarily due to the problem-solving skills we bring to the table for them through the best-of-breed technologies. Our focus has been on working with vendors that add a value to customer environments. We work with Imperva, Seclore, NNT and Sailpoint within our data security portfolio. They’ve always believed in Gulf IT’s approach of trying to help customer environment to have a holistic view of the of structured and unstructured data security. They have proven time and again on how an effectively implemented solution can help customers achieve their intended goals without compromises.