Editorial

Experts weigh in on Data Privacy Day

A selection of data and cyber specialists give their take on what they see as the biggest data privacy issues today

Posted 28 January 2021 by Christine Horton


With today designated as Data Privacy Day, data and security experts have been weighing in on the hotly-debated topic.

Data Rights Management

Joseph Carson, chief security scientist at Thycotic, believes data privacy is already evolving, and will continue to evolve, into a Data Rights Management issue, noting the “end of privacy as we know it is closer than you may think.”

“Privacy is becoming less and less of an option for most citizens,” he said.

“Regulations will continue to put pressure on companies to provide adequate cyber security measures and follow the principle of least privilege to protect the data they have been entitled to collect or process. 

“I believe the big question, when it comes to data privacy, is “How is citizens’ data being used, collected and processed?” Ultimately data privacy will evolve into Data Rights Management which means rather than giving up personal data for so-called free use of internet services, citizens should and can get paid for allowing their personal data to be used for marketing purposes. It will become more about how the personal data will be used, and what monetization is resulting from the data. In the future everyone will become an influencer; the difference is how much it is worth.”

Third party danger

Elsewhere, Sridhar Iyengar, head of Europe at Zoho Corporation, says monetising customer data without their knowledge is unethical and must stop.

“B2C practices surrounding customer data are leaking into the B2B world at an alarming rate. What started off as user tracking to serve ads, has now become what we term ‘adjunct surveillance’,” he said.

“Companies such as social networks and search engines are being used by many businesses, without thought around what the true pay-off is. For example, if using a third party to measure web analytics, companies can expose their customer data through trackers to that third party, who uses it for commercial gain. Customers are not made aware of this.

“Online advertising and privacy simply do not mix. Some businesses may not truly understand the implications of using third party applications with trackers on their own properties, but ignorance can no longer be an excuse. We are dismayed and discouraged about how pervasive these practices are becoming.”

Richard Meeus, director of security strategy at Akamai, also believes that organisations can’t just focus on their own security but must ensure that the third-party suppliers that connect to their network are secure too.

“To address this, organisations should evaluate their contacts and suppliers, especially the mechanisms granting access to systems from third parties, and frequently assess their detection and mitigation methods. So, whilst the battle to protect data will remain, Data Privacy Day should be a reminder to organisations to continue the fight against criminals by regularly evaluating, analysing and updating their cybersecurity strategies.”

Cloud security

Ed Williams, EMEA director of SpiderLabs at Trustwave, says he believes that GDPR will still have an impact in the short term, regardless of Brexit.

“Coupled with the digital transformation we’re seeing with organisations moving to the cloud, there are plenty of areas for organisations to come unstuck. Businesses must be sure to remember that the cloud has a ‘shared model of responsibility’, in that both parties must ensure the security and privacy of data.

“Moving forward this year, if the strategy for privacy fell under my remit within my organisation, with my penetration test hat on, I’d focus on looking to ensure that appropriate security and privacy training is given to all staff.

“Given that many organisations are now working from home potentially using equipment that isn’t specifically work-related, and with threats and vulnerabilities abound, being able to identify these threats is imperative. Secondly, I’d focus on the data itself. Data is always valuable to the bad guys and ensuring that data is managed correctly should also be a focus. Having appropriate policy and procedures for data given the recent home working trend should be updated, with appropriate training and technical controls.”

Zero Trust

Finally, Adam Brady, director, systems engineering, EMEA, at Illumio, says that given the rise in ransomware attacks, firms need to take the more pragmatic approach of assuming breach and maintain an ongoing focus on protecting the data they store.

“For organisations looking to secure PII, micro-segmentation as part of a Zero Trust approach is a critical control,” he said. “Traditional segmentation of the network is no longer enough to prevent the kind of lateral-movement-based threats we see. Forward-thinking enterprises need to be thinking about visibility, and micro-segmentation – where they can easily isolate high-value applications and environments, prevent lateral movement, enforce granular security policies, and apply the Zero-Trust posture of ‘never trust, always verify’.”
