How to secure Data in the new normal? A Project Manager's viewpoint…
5 questions about Data Security and Privacy to… Edoardo Salemme, Project Manager – Cybertech
1. Big Data and Data Protection: what are the main implications?
The tech platforms and social networks, which have experienced exponential growth during the global lock-down caused by the Covid-19 pandemic, are the main actors of the “new normal”. All the interactions we have daily over the Internet, on social networks, websites, business operating systems, videoconferencing and online shopping, generate a large amount of data (and information). Today, we are able to analyze this enormous volume of data and information in real time, thanks to one of the deepest and most pervasive evolutions of the digital world: the world of Big Data.
Big Data is the new wealth of the modern world: big volumes of quality information that drive data-driven decision-making at the corporate and national level. The large amount of quality information is useful for analysis, prediction and investment; it can lower risks and influence business decision making, all in order to create economic and/or social advantages from behavioral analysis. At the government level, this type of data can be useful to strengthen national security.
When talking about Big Data, we have to take into account several limitations, such as:
- National and international regulations
- International Standards
- Intellectual Property, financial situations, business confidentiality
- Privacy Policies
Data is the “new gold” of our era. The big tech companies create business value by acquiring or managing data, while individuals and small companies have the need to preserve data confidentiality and intellectual property.
2. Why should your company invest in Data Security & Privacy?
When investing in Data Security and Privacy solutions and services, companies should implement proven methodologies and the best technological solutions in line with their specific business needs. Thanks to the best data protection strategies, companies can benefit from:
- a clear understanding of the company's information security status;
- a complete view of the most “critical” information and business flows;
- targeted choices and investments (technical / organizational), controlling the risks and the benefits;
- planned yearly interventions, adjusted in line with business changes;
- guaranteed compliance with national and international regulations;
- simplified certification in line with International Standards;
- the best technological solutions in line with the specific business environment;
- an increased level of information security (corporate, clients, partners and institutions).
3. What has been done so far and what should we focus on next?
In recent years we have noticed that, both in private and public sectors, the Data Privacy issues have been assimilated by the vast majority of (medium-large) cross-industry companies, which have adapted their systems and business processes.
The work that has to be done now is to monitor and modify the Privacy structure in line with the inevitable business changes. By underestimating the topic during intense periods of change, companies risk losing all the work that was previously done.
It is becoming more and more challenging to protect data and intellectual property, as well as the privacy of customers, employees and business partners, in a context where complexity and risk are continuously increasing. It is therefore necessary to adopt the best technological solutions to adequately protect data.
Among the solutions we use to protect our clients' data, when it comes to classifying sensitive data in relational or non-relational databases and monitoring user activities, we often develop architectures based on IBM Security Guardium. In addition, the IBM solution is also used when preparing audits for the GDPR. When our clients need SaaS and managed solutions for data protection, we trust IBM Guardium Analyzer, which allows for vulnerability scanning and identification of data-associated risks, both in the cloud and in local databases.
4. How much does a potential Data Breach cost?
According to the data breach report sponsored by IBM Security, each data breach costs the affected company an average of $3.86 million globally and €2.90 million in Italy. According to last year's data, this is equivalent to a cost of about 5% of the annual turnover for SMEs.
Cost calculation can’t be done following a simple formula. There are several variables, based on the type of information, the context (private / public sector, own data / others’ data, business data / personal data / sensitive data) and the kind of loss / theft (deletion, erroneous transmission, theft, etc.), that must be considered.
The most harmful variables are:
- Loss of intellectual property (the cost is variable, but can be estimated through a BIA of the information);
- Loss of personal data (according to the type of information, a specific sanction is provided by the GDPR, and claims for damages can be filed by private individuals).
As explained above, our methodology includes cost estimates of a potential Data Breach, giving the Client the opportunity to make informed choices.
5. What is the best Data Security and Privacy Methodology?
Thanks to our experience in the field of information security, we have built a specific framework and a precise methodology, based on international standards, which facilitates the analysis of the security status and the protection of data and company information.
Our methodology has been developed through the analysis of organizational processes and of IT and corporate data flows, and includes several phases of the Framework:
- Analysis, evaluation and design phase (mapping processes/technologies/Information)
- BIA (Business Impact Analysis)
- Risk Management and Information Classification
- Implementation phase (technical and organizational remediation plans)
- Control Phase (Implementation of monitoring measures and measurements)
- Periodic monitoring phase (subsequent audits and technical analysis)
We protect information (in line with National Regulations and International Standards) by combining our experience in organizational processes with our technical knowledge of the best Cybersecurity solutions. Furthermore, through our Control Room and our SOC (Security Operations Center), we carry out continuous monitoring of infrastructures and the resolution of security events / incidents.