How to secure Data in the new normal? Security Expert viewpoint…
5 questions about Data Security and Privacy to… Gabriele Ventura, Security Specialist – Cybertech
1. Data Privacy post COVID-19 Pandemic: what has changed?
The pandemic has redesigned our working models and has introduced new behaviors to contain the spread of the pandemic. In the emergency situation it was necessary to apply new measures to allow business continuity and to guarantee data protection. At the European level, due to the intense acceleration towards digitalization, we are wondering about the future scenarios of Data Protection and asking ourselves, “Which innovations, developed during this emergency, are here to stay and will continue to shape our new normal?”
We must be ready to welcome innovations in a more intransigent perspective, so that those technological infrastructures that we have built on fragile foundations to survive the emergency can be transformed into lasting IT infrastructures on which we will be able to rely in the future.
2. What are the new priorities in the “New Normal”?
Over the last few years, at the European level, an increased level of attention was dedicated to the protection of personal data. The massive acceleration of the technological evolution created new challenges concerning Privacy.
For example, video surveillance systems, biometric recognition and geolocation are used as tools of “control” of the population. Today, smartphones are used by governments to implement public policies (applications for monitoring and containment of the epidemic). Such apps, in particular, use Big Data and Artificial Intelligence tools to identify potential virus carriers.
Today, to comply with privacy requirements, companies have to introduce new processes and precautions to ensure the safety of the working environment:
- Measurement of body temperature and collection of information on people who physically access company spaces
- Security Protocols
- Social distancing within corporate spaces
- Remote working.
3. Digital Transformation and Privacy: how to manage the complexity?
The European Council advises to “remain vigilant and constantly re-evaluate our tools in order to adequately respond to the digital, information and technological challenges”. These technologies are increasingly invasive and intrusive in our private lives, as are the dazzling developments in biometric technologies, facial recognition and artificial intelligence, and increasingly sophisticated profiling techniques.”
Next-generation attacks are technologically advanced and highly targeted. They use social engineering techniques to capitalize on human vulnerabilities. We can’t think of improving the company privacy strategy without strengthening the cyber defense and preventing social engineering. The actions that can be taken are numerous and must necessarily include cybersecurity and privacy awareness programs for employees, which must evolve in line with the development of new social platforms and ensure a culture of shared responsibility.
Attackers can also target specific organizations by stealing the information of employees or partners of those companies. Sensitive information can be extracted from property records, filing documents, lawsuits, and information shared on social media. If sensitive data is exposed, if it falls into the wrong hands, it can become extremely harmful. That is why, today, it is inevitable to periodically review all the information shared over the web.
4. What are the latest Data Protection guidelines?
In the past few years, the Guarantor has been repeatedly questioned on various topics. Therefore, it has decided to publish a series of FAQs containing clarifications and indications for public administrations and private companies.
The Covid-19 emergency has caused an exponential growth in the number of people connected to the network who use different digital devices, as well as the massive use of Smart working. This context has opened new doors to attackers who use malicious software for various unlawful purposes. The increasing number of Data Breaches has forced the Privacy Guarantor to sign a memorandum of understanding with the DIS (Department of Security Information). This protocol represents a strong confirmation that Data Protection is increasingly connected to Cybersecurity.
The new guidelines:
- consent of the EDPB (European Data Protection Board), which has explained the cookie consent (free and unequivocal).
- video surveillance treatments adopted on 29 January 2020 that illustrate the terms of the GDPR that can be applied to the processing of personal data when using video devices.
- the opinion of the Guarantor on the configuration of the ODV for privacy purposes that has reduced the long-standing debate on the subject.
5. How will Data Protection evolve?
During 2021, the DAs will have to start issuing the first sanctioning measures for personal data transfers outside the EU, to countries that do not comply with the provisions of the Court of Justice. The recently presented proposals for the regulations (Digital Service Package and Digital Governance Act) have yet to be submitted to the entire legislative process envisaged for EU regulations.
The tenor of the new proposals highlighted the areas in need of intervention (online markets, social networks, content sharing platforms, app stores and online travel and accommodation platforms) and highlighted those as the aspects worthy of analysis by national authorities.
In the future, the activities of the web giants will be targeted by the national DAs that will be able to exercise their inspection powers to ascertain any violations to protect the rights of the interested parties. There are therefore many innovations ahead with consolidated regulatory processes already underway and other new processes to be defined.
New technological trends that are shaping the current Data Privacy scenario in Italy and at the international level are:
- Machine learning: Machine learning allows you to predict customer behavior and perform image recognition, but its future potential is vast.
- Real time Analytics: Carrying out data analysis in real time favors the speed of the latter, a competitive advantage in terms of internal processes and product improvement.
- New architectures: Open source systems for parallel data analysis or real-time analysis contribute to the emergence of new Analytics models.
- Hybrid Cloud: Connecting your private environment with one or more Public Cloud systems allows you to limit data movements and perform analyses where data is stored.
- Data Literacy: The ability to organize and interpret data to communicate information is an increasingly important skill for companies, especially among managerial figures.
- Data Monetization: Data has become a “raw material” that attracts more and more investments; selling the resulting information means monetizing and generating business.
- Big Data: a collection of digital data, often heterogeneous among them, so vast as to require special technological methodologies useful to allow knowledge and analysis.
It is becoming more and more challenging to protect data and intellectual property, as well as the privacy of customers, employees and business partners, in a context where complexity and risk are continuously increasing. It is therefore necessary to adopt the best technological solutions to adequately protect data.
Among the solutions that we use to protect our clients' data, when it comes to classifying sensitive data in relational or non-relational databases, and monitoring user activities, architectures are often developed based on IBM Security Guardium. In addition, the IBM solution is also used when preparing audits for the GDPR. When our clients need SaaS and managed solutions for data protection, we trust IBM Guardium Analyzer, which allows for vulnerability scanning and identification of data-associated risks, both in the cloud and in local databases.