In today’s rapidly evolving, digitally-driven economy, the window of opportunity that businesses have to capitalize on shifting markets and consumer demands is continually getting shorter. To keep up, application developers and IT teams need to also perpetually shorten the development lifecycle of systems and applications, while at the same time continuing to deliver features, fixes, and updates that align with business objectives. Because of the speed and resources needed to make these happen, much of this development can only really be done effectively, and at scale, in a cloud environment.
The Increasing Regulatory Focus on Privacy
The ongoing trend of data breaches and the increasing privacy risks associated with social media continue to be a national and international concern. These issues have prompted regulators to seriously explore the need for new and stronger regulations to protect consumer privacy. Some of the regulatory solutions focus on U.S. federal-level breach and privacy laws, while individual U.S. states are also looking to strengthen and broaden their privacy laws.
The focus on stronger consumer privacy has already sparked new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). Many customers of U.S. companies are covered by GDPR’s broad privacy protections, which protect the rights of residents of the European Economic Area. As U.S. states increasingly pass their own privacy laws, the legal environment is becoming more fragmented and complex. This has led to an increased focus on potentially creating a U.S. federal privacy law, perhaps along the lines of the GDPR or otherwise protecting individuals’ information more broadly than the sectoral laws now in place. Although it is not clear whether effective national legislation will pass in the immediate future, the continued focus on regulatory solutions to strengthen consumer data privacy appears certain.
Privacy is Important to McAfee
For technology to be effective, individuals and corporations must be able to trust it. McAfee believes that trust in the integrity of systems – whether a corporate firewall or a child’s cell phone – is essential to enabling people to get the most possible out of their technologies. Fundamental to that trust is privacy and the protection of data. McAfee is committed to enabling the protection of customer, consumer and employee data by providing robust security solutions.
Why Privacy Matters to McAfee
Effective Consumer Privacy Also Requires Data Security
Today, electronic systems are commonly used by government, business and consumers. There are many types of electronic systems and connected devices used for a variety of beneficial purposes and entertainment. The use of data is a common element across these systems, and some of that data may be confidential information, personal data and/or sensitive data.
A reliable electronic system must have adequate security to protect the data the system is entrusted to process and use. Data leaks and security breaches threaten the ability of customers to trust businesses and their products. Data security that is flawed or inadequate to provide robust data protection puts consumers’ privacy at risk.
Too often, privacy and information security are thought of as separate and potentially opposing concerns. However, there are large areas of interdependency between these two important policy areas. Privacy and information security must work in harmony and support each other to achieve the goal of consumer privacy. Privacy requires that consumers have the capacity to decide what data about them is collected and processed, and the data must have safeguards driven by appropriately secure technologies and processes.
Data security is the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Privacy is an individual’s right or desire to be left alone and/or to have the ability to control her own data. Data security also enables the effective implementation of protective digital privacy measures to prevent unauthorized access to computers, databases and websites. Data security and privacy must be aligned to effectively implement consumer privacy protections.
An effective risk-based privacy and security framework should apply to all collection of personal data. This does not mean that all framework solutions are equal. The risks of collecting and processing the personal data must be weighed against the benefits of using the data. Transparency, choice and reasonable notice should always be a part of the way data is collected. The specific solutions of a framework may vary based on the risk and specific types of data. The key is to have in place a proactive evaluation (Privacy and Security by Design principles) to provide the most effective protection for the specific application and data use.
Examples Where Privacy Regulations Require or Enable Robust Data Security
Breach Notification Safe Harbor for Encrypted Data in U.S. State Privacy Laws
Data breach notification laws require organizations to notify affected persons or regulatory authorities when an unauthorized acquisition of personal data occurs as defined by the applicable law or regulation. Many U.S. state laws provide a “safe harbor” for data breach notice obligations if the data was encrypted. A safe harbor may be defined as a “provision of a statute or a regulation that reduces or eliminates a party’s liability under the law, on the condition that the party performed its actions in good faith or in compliance with defined standards.”
Security safe harbor provisions may be used to encourage entities and organizations to proactively protect sensitive or restricted data by employing good security practices. Encrypting data may protect the organization from costly public breach notifications. Encrypted data may be excluded from breach requirements or unauthorized access to encrypted data may not be considered a “breach” as defined in the statute. To be protected by an encryption “safe harbor” exemption, the breached organization must encrypt data in compliance with the state statute. The state-specific statutes may also require control of the encryption keys to claim safe harbor.
GDPR Security Requirements
The General Data Protection Regulation (GDPR) went into effect in the European Economic Area (EEA) in 2018, enhancing further the privacy rights of residents of the EEA. In addition to allowing EEA residents access to personal data collected about them, the GDPR requires companies interacting with this data to perform risk analyses to determine how to secure the data appropriately. The GDPR lays out basic security requirements in Article 32, GDPR Security of processing, which requires entities to “ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.”
Controllers of personal data must also have appropriate technical and organizational measures to satisfy the GDPR. Business processes that handle personal data must be designed and implemented to meet the GDPR security principles and to provide adequate safeguards to protect personal data.
Implementing a robust security framework to meet the GDPR requirements means the organization should proactively evaluate its data security policies, business practices and security technologies, and the organization must develop security strategies that adequately protect personal data.
Federal policymakers need to pass uniform privacy legislation into law. A key part of this effort must include sufficiently strong cybersecurity provisions, which are imperative to protecting data, as evidenced by GDPR and thoughtful state breach notification laws. Instead of relying on hard regulations to incent organizations to implement strong security, policymakers should include a liability incentive – a rebuttable presumption or a safe harbor – in privacy legislation. Such an approach, ideally aligned to NIST’s flexible Cybersecurity Framework, would enable policy makers to promote the adoption of strong security measures without resorting to a “check the box” compliance model that has the potential to burden customers and discourage innovation in cyber security markets.
Source: McAfee Blog
Fortinet has a Longstanding Commitment to Cloud Security Leadership
As digital transformation requirements drive organizations to adopt and expand cloud usage, Fortinet is positioned to support a wide range of cloud migration initiatives, from extending and migrating applications and datacenters to the cloud, to helping companies build applications on the cloud and helping customers consume SaaS applications.
Due to the breadth of security offerings (FortiGate, FortiWeb, FortiSandbox, FortiMail, etc.) available on all six of the leading cloud platforms (Alibaba, AWS, Azure, Google, IBM, and Oracle), Fortinet is uniquely positioned to offer organizations the confidence to deploy any application on any cloud, as they can take their security with them, supporting any cloud adoption initiative.
In the past few years, we’ve seen a massive uptick of interest in leveraging cloud infrastructure from LogRhythm customers. Just a few years ago, organizations viewed cloud as an interesting proposition for a few use cases. Today, we see many critical business functions either being migrated to cloud platforms, or new cloud solutions completely replacing their on-premise counterparts.
With the proliferation of “cloud-first” initiatives, partially fueled by the rise of DevOps practices, cloud is becoming a first-class citizen of many businesses. In response to this, the need for IT to effectively monitor these cloud environments is rapidly becoming an integral and critical part of both IT security and IT operational monitoring.
The pace of technological change makes it hard for me to remember what enterprises were like even a few years ago. Back then, your company probably consisted of employees with smartphones, internal IT systems for a common function such as HR, Marketing, and Sales Management, and on-premises data centers containing customer-facing systems, IP, and other assets. The perimeter was well defined, and what kept you awake at night was security concerns surrounding an employee visiting a malicious website or opening a malicious email.
Just when the smartphone revolution was brewing, another radical shift in IT was starting to take hold – cloud computing. In 2019 the cloud, just like the smartphone, is both a revenue and company growth accelerator. But understanding and fully leveraging all aspects of the cloud can be confusing. I would like to start with some basics about the different flavors of cloud deployment models, and then explore some security challenges you need to consider as you embark on the journey to the cloud.
Enterprises have changed the way they interact with data and where their workloads reside. Approximately a decade ago, enterprises directly owned and housed servers that IT personnel maintained. These servers sat in data centers protected by multiple security controls around a well-defined perimeter.
All that has changed. More and more enterprises are now transitioning data and enterprise applications to the public cloud, oftentimes turning to Amazon Web Services (AWS), Azure, or Google Cloud. They make the shift to take advantage of the flexibility of elastic computing resources, lower costs, and easier maintenance.
Some organizations are shutting down their data centers entirely and moving all computer resources over to Infrastructure-as-a-Service (IaaS) providers like AWS. However, many enterprises are moving some, not all, of their servers to the public cloud. It’s likely that this hybrid infrastructure consisting of on-premises and cloud-based assets will dominate the market for the next few years, requiring security on two fronts, if you will.
Either way, there’s an old adage in security – wherever the data goes, so go the criminals.
Your analysts are efficient. They are creative problem solvers who prefer to spend their time putting those inventive skills to use rather than expending energy on mundane tasks. For example, logging into Active Directory and unlocking a user account 15 times is a monotonous activity, and not an efficient allocation of your team’s time and skills.
Most analysts will naturally look for ways to automate these kinds of tasks to focus on more pressing and challenging projects at hand. LogRhythm gives analysts the tools they need to easily automate everyday activities so they can make the most of their time and resources.
According to IDC, organizations are increasingly relying on SD-WAN to “intelligently automate how application traffic is delivered to branch sites, moving away from traditional hub-and-spoke WAN architectures and the backhauling of Internet- and cloud-bound traffic to on-premises datacenters,”* and instead, they look to use broadband Internet breakout and mobile transport solutions such as 4G/LTE and 5G to more efficiently and cost-effectively deliver applications, including rich media and latency-sensitive applications such as voice and video.
The advantages of an SD-WAN solution are increasingly being recognized by organizations, and as a result, adoption continues to outpace industry estimates. Revised forecasts now predict that SD-WAN will grow at a compound annual growth rate (CAGR) of over 40%, with IDC predicting the SD-WAN market to hit $4.5 billion in just the next three years.*
5G mobile communications are on the horizon, and while speed and performance are improved, these advances are also spurring the growth of the Internet of Things (IoT). With this growth come new security issues, including attacks on and from IoT devices.
Are you prepared? Do you understand the specific 2019 IoT cyberattack vectors and trends currently in play?
Whether you are looking to implement a new strategy or looking to review yours, it’s crucial to make an informed decision. We invite you to book a meeting at Mobile World Congress and find out how you can defend yourself against these threats.
Actifio Strengthens Its Data-as-a-Service Vision with App-Centric Approach in the Multi-Cloud and DevOps Era
Actifio’s 2018 customer and partner conference was named “Data-Driven.” The name will remain for our 2019 conference (Boston in June) because we know that every enterprise in or moving to multi-cloud strategies starts with data challenges. How to manage it. How to migrate it. How to move it among cloud providers. How to accelerate analytics and assure protection. We have seen it in every customer engagement. Attendees at the conference confirmed it. Effective data management strategies are essential to extracting data value, and Actifio has become a vital component of that strategy for many major enterprises.