Articles, C2 Fall 2022

Why it’s Time to Get Proactive About Security

by Thomas Gloerfeld, October 16, 2022

Of all the business risks facing organizations today, cyber-attacks were recently highlighted by executives as the most serious. That’s a heartening sign that awareness levels at the very top are at least improving. But it’s too soon to get carried away. In fact, separate research reveals that many organizations still treat security as an afterthought, until they’re breached.

It’s 2022 and organizations can do better. Closer communication between IT and business leaders can help to drive a more strategic, proactive approach to manage cyber risk. For those keen to get on the front foot against their adversaries, data-centric security is increasingly an essential best practice for doing so.

Why cyber demands attention

Global businesses have been buffeted by strong economic headwinds of late. But cyber still ranked as the top business risk, according to C-suite executives surveyed by PwC. Even more remarkable is the fact it beat risk factors such as inflation, talent acquisition and retention, and rising production costs—which are causing sleepless nights for executives everywhere.

It does seem like the C-suite is starting to understand that cyber risk is an intrinsic part of business risk. A serious security breach could derail digital transformation projects, and cause major financial and reputational damage that may take years to recover from. Another driver may be more pertinent still for senior executives: new SEC proposals that would require boards to directly oversee cybersecurity, and make regulatory disclosures about directors’ cyber expertise.

Post-breach security is too late

However, old challenges persist, as evidenced by a new UK government report which looks at the state of security in several organizations.
Crucially, IT respondents had the following to say:

“Not all were sure that their leadership teams fully understood the ‘scale of the threat,’ or the ‘cultural transition’ required to meet the growing cybersecurity challenge. Consequently, for many organizations in this study, leadership became more engaged in the cybersecurity challenge post-breach and has since demonstrated more serious intent to help the organization improve.”

While engagement post-breach is better than no engagement at all, it is also sub-optimal. Executives that continue to view security in reactive terms will be less engaged, and less committed to long-term, strategic thinking. As this report argues, they’re less likely to ask tough, pointed questions of their CISOs. And they’re more likely to passively approve only the most basic people, process, and technology changes, to ensure bare minimum levels of compliance.

On the front foot

Organizations need instead to tackle security as an urgent imperative, to reduce overall business risk and enhance growth opportunities. It’s heartening to note that, despite the headline findings, respondents to the UK government study did acknowledge cyber-attacks are growing in volume and sophistication. And they agreed that security controls need to evolve as a result. The challenge is communicating that message to boardroom executives.

But what happens once the message does get through? One of the first things CISOs can advocate is a data-centric security approach. That means applying protection to the data itself rather than relying solely on controls at the endpoint, perimeter, and other layers of the IT environment. Doing so ensures that even if threat actors get hold of the organization’s crown jewels – highly regulated customer information and/or IP – they won’t be able to use it. By applying the right kind of format-preserving encryption, it also means those organizations can leverage this data via analytics tools to drive innovation and growth.

When it comes to mitigating cyber risk, being proactive is the best way to get results.

Articles, C2 Spring 2022, GDPR

Why We Comply with Data Privacy Laws and Standards

by Thomas Gloerfeld, March 27, 2022

The answer is really simple, right? Governments pass laws that mandate certain rules be followed and infuse a punitive measure for those people or organizations not in compliance with the regulation in question.

Agile Development, Articles, C2 Fall 2021, Data Security, Data Solutions

Balancing Agility with Data Security

by Thomas Gloerfeld, September 21, 2021

Agile development is known for well-paced development cadences with short, quick sprints. These fast bursts are typically focused on ensuring something of value (functioning code) gets done in a short amount of time, allowing for new features and functionality to be available in the product on a regular basis. …

Articles, C2 Summer 2021, Data, Security

Three Years of GDPR – a Look Back

by Thomas Gloerfeld, June 15, 2021

It might be hard to imagine, but it has been three years since the General Data Protection Regulation (GDPR) was implemented in the European Union (EU) on 25 May 2018. Time certainly does fly by when you are trying to protect data. Nevertheless, the term ‘GDPR’ has set a …

Articles, C2 Spring 2021, Data, Security

‘New Nacha supplementing data security requirements coming up’

by Thomas Gloerfeld, March 23, 2021

Nacha is a non-profit organization that convenes hundreds of diverse organizations to enhance and enable electronic payments and financial data exchange within the U.S. and across geographies. Through the development of rules, standards, governance, education, advocacy, and in support of innovation, Nacha’s efforts benefit the providers and users of …

C2 Summer 2020

Robust security strategy for your hybrid IT

by Thomas Gloerfeld, June 23, 2020

What Is Hybrid IT? At its most basic level, hybrid IT is a blend of cloud-based and on-premises IT services. When applications and data were all maintained on-premises (or in-house) standardization was a best practise and security was much simpler. Now that the business and IT are realising the …

Data, Spring 2020

Is the US Ready for Centralized Data Privacy Enforcement?

by Thomas Gloerfeld, March 24, 2020

The recent news about a proposed bill to create a central data privacy enforcing body shines another spotlight on the high-risk, high stakes shifting ground that many businesses operate their engines of growth on – consumer data collection, analysis, and retention.

Cloud, Winter 2019

3 Benefits of Taking Data Out of PCI Audit Scope

by Thomas Gloerfeld, December 10, 2019

Whether your company accepts payments at a store or restaurant, sells products or services through a website, or handles monthly payment billing, you or someone at your company is most likely aware of the security requirements of the Payment Card Industry Data Security Standard (PCI DSS). Each calendar year, …

Data Solutions, TheConnection

Data is your superpower

by Thomas Gloerfeld, November 30, 2019

In today’s world of round-the-clock online business and commerce, data is everywhere. Data has become your superpower, even more so when it’s protected data. As many users of HPE NonStop systems are processing a large amount of sensitive or mission-critical data it is paramount that such data is protected …

Data Solutions, Sept-Oct 2019, TheConnection

Solving the need for SNA and X.25 Support on NonStop X

by Thomas Gloerfeld, September 30, 2019

As the support timeline winds down for NonStop Itanium platforms, more and more customers are looking forward to their next step in their NonStop evolution. The NonStop X platform running L-series is the new home where customers are moving. For some customers there is a serious issue in moving …