In the age of digitalization, data protection and security are becoming even more important than they already were. According to a recent Accenture study of 2,000 IT security professionals in 15 countries, protecting customer data and ensuring operation are the central goals of the IT security strategy. Still, the study finds that one in three cyber attacks is successful. With 81 percent of respondents who are responsible for IT security stating that they feel well equipped to thwart attacks, some questions come up: Do experts feel too safe handling sensitive data? Are they protected at all against dangers from the web in digitalization projects? Which security and data protection aspects should be taken into account for these projects?
Florian van Keulen, Principal Consultant, comments:
“Permanent cyber attacks are already a reality and one third of attacks from the web is successful. This means that, on average, two or three attacks per month beat your company’s security measures and cyber criminals gain access to sensitive corporate and customer data – a horror scenario from a data protection and security perspective.
The Top Priority for Every Security Strategy: Protecting Personal Data
In an age of constant change, one thing remains true even for digitalization: Protecting personal data must have priority over everything else. Information security is being digitally transformed as well. New risk scenarios, new threats, shifts in security perimeters, stricter compliance requirements, new laws but also many interesting new security opportunities are only some of the chances and challenges that come with the transformation process.
Compliance Requirements Must be Met
Moving IT systems and data into the cloud is a classic digitalization strategy. In cloud projects, however, it is crucial to know and meet the legal, corporate, and contractual guidelines – in short, the compliance requirements. A corporate guideline may provide, for example, that specific data may not be stored and processed in foreign countries. Protecting this specific data is a key aim that must be central to planning and realization – which is true for any IT project that involves sensitive, personal data. Today, no company can afford a data protection Waterloo! The new EU General Data Protection Regulation that will apply from May 2018 is one example of a current issue. New projects must anticipate and reflect the effects of legislative changes that are already known. Otherwise, the cloud project will have feet of clay. Industry-specific requirements are relevant to planning as well, including Finma and PCI-DSS in finance, or HIPAA in healthcare.
Projects in Big Data, cloud, or IoT have one thing in common: Privacy and security must be key aspects of the digitalization strategy. These projects will rest on solid, secure foundations only if all current data protection and security aspects as well as all known legislative changes are taken into account in planning, development, and realization.”
Trivadis triCast on “Privacy and Security Fundamentals for Cloud, IoT, or Big Data Projects”
On March 28, 2017, Trivadis hosted a webcast on “Privacy and Security Fundamentals for Cloud, IoT, or Big Data Projects”, where we gave an overview of current data protection and security aspects that should be taken into account when realizing cloud, IoT, or Big Data projects. Find a recording of the triCast and the corresponding material here.