Senior Director - Technical Architecture & Innovation, Technical Architect at Quick Heal.
What is Data Privacy and why is it important?
Data is the new oil of the twenty-first century. Companies such as Amazon, Facebook, and Google have built empires on top of the data economy. Data privacy is a branch of data security concerned with the handling of data: more specifically, how the data is collected and stored, how it is shared with third parties, and the regulatory aspects around it. Data privacy and data protection are two sides of the same coin, where the latter is concerned with protecting the data from malicious sources. The lines between data security and data privacy are also thinning, and in an era of data explosion, both Governments and Corporates are scrambling to define what is acceptable while simultaneously being concerned about securing their data assets.
Let’s Talk about the Impact of Digitization
More and more Enterprises are embracing digitization. Data resources that are stored securely inside private data centers, on company servers accessed over private networks and protected by strong corporate firewalls, are now being migrated to the public cloud. As per Synergy Research, Enterprises spend more on migrating their data assets to the cloud than on data-center hardware and software, and this trend will continue to skew in favour of cloud migration. This presents a tremendous opportunity for cloud adoption while increasing the risk of data leakage and information disclosure due to weak practices around the storage and access of data.
With the increasing adoption of mobile devices and apps, there is a goldmine of opportunities for companies to mine the data and generate useful analytics. For example, consider a scenario in which a company releases a social media App on Android PlayStore or Apple Store. As end-users download and install the app on their mobile devices, it is possible to generate data from the store and from the installed devices on how the app is used, how much time users spend, demographics, and user profiles, among other details. Using analytics tools, this data can be analysed to generate valuable insights that can be further used to increase the user base or to provide targeted features for a niche audience.
What can Enterprises do to ensure data privacy?
Protecting the integrity of data and preventing information leakage is becoming a key challenge for companies that collect and store user and employee data. There are two key aspects to consider. First, companies should make an effort to ensure that sensitive user data, such as credit card information, health records, Aadhaar, and bank records, is stored in encrypted format to prevent both internal and external malicious actors from being able to extract such data. Second, they should comply with regulations such as PCI, HIPAA (USA), and GDPR (EU), and scrub personally identifiable information (PII) to maintain the anonymity of their users. In the event of data leakage, the actual loss of user privacy can be kept to a minimum because the data has been de-sensitized and critical data has been encrypted.
Let us look at what Enterprises could do to ensure data privacy and data protection. It starts with creating awareness among their workforce of the importance of handling user data. Employees need to be trained in adopting secure practices and using the right set of tools to handle user data. We are witnessing a trend in which more Enterprises are appointing Data Privacy Officers to ensure there are clear policies, procedures, and drills on following regulatory practices, so that in the event of an unforeseen data leakage there is a clear plan of action to contain, identify, investigate, mitigate, resolve and prevent such mishaps from happening. Another important aspect is to ensure that only the right set of Employees have access to the right information. For example, in a cloud infrastructure, it is possible to separate who grants access to security tools and who uses the tools to perform some work. So in the event of a breach, the situation can be contained to only a narrow set of infrastructure and remediated. Such approaches help ensure data protection and data privacy.
Investing in data privacy solutions that perform automated data sensitivity classification, scan enterprise data stores for potential data leaks, and perform real-time monitoring and alerting is a good bet! We are observing that enterprises are adopting data classification for both their internal and customer (user) data. That is, based on the context of the emails, documents, files, and source code, these data assets are classified in terms of their confidentiality, sensitivity, and priority. There is also increased usage of data privacy tools that scan the company’s data sources and provide a trending dashboard of status and associated risks, along with real-time alerts and possible mitigations. Enterprises that offer a BYOD (bring your own mobile device or laptop) option to their workforce can also enforce the usage of tools that offer remote wiping of company data in the event of a breach or loss of a device. Having a remote administration tool makes it easier to be compliant with regulatory laws.
What can End-Users do to protect their privacy?
Investing in an AV and malware solution that covers multiple devices, such as smartphones, laptops, and tablets, is one of the simplest ways to protect the end-user device and data. Adopting strong passwords and OTP-based multi-factor authentication is also one of the simple ways to secure the devices and device data on the cloud. Users can also consider checking the privacy settings of frequently visited social media portals to limit the exposure of their profiles to unsolicited users. Social media and Cloud providers are also expected to be compliant with user data privacy laws. End users can visit the social media privacy settings and choose the data sharing options they are comfortable with. For example, users can log in to their Google account settings and choose not to store the search history or track the device location. Users can also consider using security tools to properly wipe and remove their data before transferring their smartphones or laptops. End-users should consider backing up their device data to cloud providers such as OneDrive, Dropbox, and Google Cloud, but here too it is recommended to ensure that strong passwords and multi-factor authentication are put in place to secure their backed-up data. A few high-end AV tools in the market offer a data privacy check as a built-in feature. Users can register their emails with the AV tools, which scan through published portals to check for a potential data breach. In the event of a data breach, the AV tools offer remediation to fix the data leak and prevent such breaches in the future.
In summary, data protection and data privacy are some of the key challenges that Enterprises and users are facing in the era of data explosion. Enterprises have a moral, ethical and professional obligation to ensure that users’ data is kept secure, access-controlled, and private, and is protected from unauthorized access. In this article we listed a few low-hanging fruits that both Enterprises and End-Users can adopt to secure their data on both the devices and at the backend.
Disclaimer: The views expressed in the article above are those of the author and do not necessarily represent or reflect the views of this publishing house.