Thales Blog

Navigating The Ever-evolving Data Protection Regulatory Landscape

August 4, 2020

Rana Gupta Rana Gupta | APAC Regional VP, Data Protection More About This Author >

The COVID-19 pandemic has altered the way businesses operate and how people interact with each other. As the virus has forced many companies across the globe to embrace work-from-home solutions and virtual meetings, protecting sensitive business data has become more important than ever.

With a plethora of remote file-sharing apps being increasingly used in today’s remote working environment, protecting sensitive data becomes pivotal not only from a business perspective but also from the viewpoint of regulatory compliance.

Navigating The Ever-evolving Data Protection Regulatory Landscape

However, protecting sensitive data is easier said than done. As exabytes of data gets collected and scattered across data centers, file-sharing apps, databases, cloud storages, and backup systems, organisations struggle to implement a cohesive strategy for protecting sensitive data.

Understanding the two pillars of data security is the key to implementing a homogenised data protection strategy.

Pillar 1 – Data Discovery and Classification

With stringent data privacy laws coming into force across the globe, organisations find it difficult to interpret what constitutes ‘sensitive data’ in which geography and under which industry-specific data security law.

The key to navigating this complex maze of an ever-evolving regulatory landscape is to first identify where all the business data resides and then classifying each data set as ‘sensitive’ or ‘non-sensitive’ depending on the country and industry-specific data protection laws.

However, merely identifying the location of sensitive data is not sufficient. To chalk out an effective risk mitigation strategy, it is equally important to understand with the help of a simple risk scoring mechanism how this data flows within and outside the organisation and who has access to it.

Pillar 2 – Protection

Once the sensitive data is identified, implementing strong protection mechanisms become paramount. Many organisations make the grave mistake of considering perimeter defence systems like firewalls and antivirus as the silver bullet against cyber attacks.

While such front line defence mechanisms are indeed important to deter cyberattacks, they are rendered useless when a hacker gains inside entry by exploiting their vulnerabilities. The latest example is Twitter accounts of high-profile personalities like Barack Obama, Elon Musk, Bill Gates and Jeff Bezos getting hacked. Widely considered as one of the most brazen online attacks in history, cybercriminals behind this data breach siphoned off bitcoin worth $120,000 through more than 300 transactions.

For optimal data protection, it is imperative that organisations equally focus on the last line of defence technologies like data encryption, tokenization and data masking. Encrypting sensitive data is widely considered the best approach to data protection because without its corresponding decryption key, the encrypted sensitive data is rendered unidentifiable to hackers who then cannot launch targeted attacks on it.

The importance of these three aforementioned technologies is asserted by the fact that many regulatory laws like General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and regular circulars from Indian regulators like Unique Identification Authority of India (UIDAI), Insurance Regulatory and Development Authority (IRDA) and Reserve Bank of India (RBI), mandate their use.

Get end-to-end visibility into sensitive data

Thales’s CipherTrust Data Discovery and Classification solution helps organisations get end-to-end visibility into their sensitive data wherever it resides – in the cloud, in virtual environments or on-premises.

With ready built-in templates for regulations, CipherTrust enables easy identification of regulated data. The solution is flexible enough to customise geography-specific regulations and auto-populate specific details from a host of Officially Valid Documents (OVDs) like Aadhaar card, voter’s identity card, passport, driving license, etc. Furthermore, the solution highlights the associated security risks, and uncovers gaps to streamline the compliance journey in the run-up to upcoming legislations like the Personal Data Protection Act in India.

For more information on how your organisation can protect its sensitive data, read more about Thales’s CipherTrust Data Discovery and Classification.

Related Articles

No Result Found