January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Its aim is to foster dialogue around the importance of privacy. Individuals can then use these discussions to advance privacy in their homes, communities and businesses.
Data Privacy Day isn’t just for individuals within their personal lives, however. Individuals have a role to play in their business lives as well. Additionally, businesses also have a critical part to play when it comes to safeguarding online privacy of their employees, trading partners and, most importantly, customers. Namely, they should implement encryption, key management and identity and access management (IAM) to help preserve the privacy of their stored data. Following cyber hygiene best practices and creating a strong security-centric culture is always a good strategy for organizations to adopt.
With the above in mind, it’s worth a discussion about specific security controls in greater detail…
Encryption
An organization’s digital security strategy would not be complete without encryption. By implementing this security control, organizations can protect all structured and unstructured data that’s found across their on-premises, virtual, public cloud and hybrid environments. To fully defend themselves against insider threats, malicious attacks and black hat hackers, they should implement encryption across their data at rest and data in motion. The latter measure is especially important, as data-in-motion encryption helps shield an organization’s data, video, voice and metadata from eavesdropping, surveillance and other interception attempts.
Key Management
Encryption means nothing if a threat actor gains control of an organization’s cryptographic keys. Indeed, they can abuse those keys to decrypt an organization’s data, create fraudulent identities and generate malicious certificates at will. These malicious actions all lay the groundwork for secondary attacks such as committing identity theft and creating HTTPS-protected phishing pages. Fortunately, organizations can minimize the risk of these types of attacks by exercising key management. This security control gives organizations a means by which they can securely manage, store and use their cryptographic keys. Oftentimes, organizations realize key management by deploying a hardware security module (HSM) on-premises and/or in the cloud.
Identity and Access Management
Malicious individuals cannot pose a threat to an organization’s data if they can’t access it. That’s the purpose of IAM. This security control is particularly important given the explosion of mobile, IoT and cloud-based devices in the enterprise. These and other assets have dissolved the traditional boundaries of the network as they’ve expanded to include remote employees, partners and customers. In response to these developments, organizations should implement controls that limit work-related resources where employees have access based on their job duties. These controls should include the use of multi-factor authentication (MFA) to safeguard users’ accounts even in the event that threat actors succeed in compromising their credentials.
A Streamlined Data Security Strategy
Encryption, key management and IAM are all security controls that can help organizations secure their sensitive information for Data Privacy Day. But as organizations’ environments become increasingly complex, some organizations may struggle to separately implement each one of these measures on their own. Given these difficulties, organizations should instead consider investing in a solution that gives organizations the scalability, flexibility and efficiency to address their evolving encryption, key management and other data security needs across all their environments…all while reducing unnecessary costs and complexity.