Business Strategy and Networking Technology Role in Data Protection


Anwesh Adhikari

Product Strategy Specialist


 

Consulting firms, legal firms, technology vendors and service providers, among others, are busy promoting their solution approaches to EU General Data Protection Regulation (GDPR) compliance as it comes into force on the 25th May 2018.

 

Data protection is not a new concept: data protection commissioners at country level and best practices such as those from the Center for Internet Security (CIS)[1] and the Framework for Improving Critical Infrastructure Cybersecurity[2] from the National Institute of Standards and Technology (NIST) have been in place for a long time now. GDPR simply gives individuals rights in respect of their personal data, and any entity that handles such data should have the necessary governance in place to comply with privacy requirements.

 

Moving away from educating on GDPR, it is important to recognise that cyber security risks can harm an organisation's ability to gain customers, innovate and drive profitability. For this reason, data protection is core to business growth and is not a legal, consulting or technology overhead expense. Organisations will need to balance the consequences of failure against the cost of compliance.

 

The NIST framework on cybersecurity uses a common language and is a good starting point for understanding how cybersecurity risks correlate to business drivers. It suggests that an information and decision flow that starts from, and is supported as, a core business process is key to executing cybersecurity activities within the high-level functional areas of Identify, Protect, Detect, Respond and Recover.

Figure: Notional Information and Decision Flows within an Organization[2]

 

In terms of cybersecurity implementation, CIS[3] defines controls broadly relating to access control (people, devices and software), protection (email, WAN, LAN, web), monitoring, reporting, incident response and contingency planning. GDPR requires privacy by design and by default, and networking technology plays an important role towards this through:

[1] Internet protection

Associated technologies: Next-Gen Firewall, Intrusion Prevention, Content filtering, DDoS, Advanced Threat Analytics.

[2] Network Segmentation and Access Control

Associated technologies: Identity Services Engine, TrustSec.

[3] Security Breach Detection and Notification

Associated technologies: End-point (devices) Protection, OpenDNS, Email Security, Advanced Malware Protection, ThreatGrid, Active Threat Analytics.

 

GDPR is about application-level data, and networking technology is an enabler of the data protection controls necessary to support the digital transformation required as part of business strategy.

 

[1] https://www.cisecurity.org/controls/

[2] https://www.nist.gov/sites/default/files/documents/2017/12/05/draft-2_framework-v1-1_without-markup.pdf

[3] https://www.cisecurity.org/controls/

 

January 26th, 2018 | Business Blog