Data security and compliance: why prevention is better than cure

Ross Woodham, General Counsel and Chief Privacy Officer, Aptum, discusses the complexities of compliance, a top issue for CTOs, CIOs, and CISOs. He outlines how prevention is better than cure and shares the steps to take to achieve this. 

There are over 648 cyber-attacks per minute around the globe. These attacks have been growing in number since the beginning of the pandemic. At the same time, workplaces are changing how they operate, data volumes are exploding, and governmental institutions are implementing new data privacy laws such as the GDPR, Brexit privacy regulations, and changing ransomware policies. This complex landscape can present challenges for any organisation trying to adhere to data privacy and compliance.

To help navigate some of these challenges, business leaders are adopting cloud technologies. 51% of senior IT decision-makers cited security and compliance as a key driver behind migration to the cloud in our Aptum Cloud Impact Study. However, if cloud migration is not done correctly, companies can put data at risk which can be costly and detrimental to business success. To avoid the consequences of non-compliance, such as financial penalties and reputation damage, business leaders must audit their current protocols to ensure efficiency and effectiveness.  

Importance of compliance 

Regulatory compliance is critical for any business. A transparent regulatory compliance process builds trust in business processes. It can also improve revenue, because the business is seen as reputable and safe. Compliance exists to ensure customers and consumers, as well as their data and details, are treated within set boundaries.

Some regulatory processes are designed to fortify data protection. They are created to help harmonise systems and data and assure clarity on what the data is, where it is held, who has access, and if compliance standards are met. This transparency and emphasis on data security bring about increased visibility into environments, essential for any decision-making.

Protecting data has also never been more important with the growing number of cyberattacks on organisations. In June this year alone, there were nearly 10 billion records breached, the cost of which is estimated to be millions upon millions. Compliance is crucial for companies in the wake of these ever-growing threats. 

But where exactly is your organisation’s ‘relevant’ data? How do you ensure compliance and data safety? The key to compliance is preparation for prevention, and it starts with auditing processing activities.

Three steps to take to prevent non-compliance and data breaches

The first step is an audit to register processing activities, which is then linked to the organisation’s asset management. At Aptum for example, since we are a global cloud managed service provider, we spend considerable time and investment on the latter. We operate data centres in North America and Europe and have infrastructure throughout numerous locations. Asset management is an important part of making sure that we know where data is, and how it’s moved.

A cloud environment can enhance data security. Indeed, over 91% of respondents from our study believed that their user data is safer in cloud infrastructures than in on-premise environments. 

Furthermore, 42% claimed a higher degree of success in improving security and compliance after migrating to the cloud, and 51% listed security as a business driver for their investment in cloud services. 

Another important aspect in taking preventative measures to ensure compliance is appraising access. With a never-ending string of cyberattacks, knowing what devices employees are using to access data is an important step to protecting that data. Having full visibility into all IT assets, therefore, remains a priority for IT departments, but as the number of devices employees are using continues to grow, it is becoming an increasingly difficult task for IT to visualise their full IT environment. This is also an area where the cloud can help. 

The right cloud environment can enable total visibility across an organisation’s IT estate to help organisations rapidly identify, prioritise, and respond to all threats that surface. For example, we partner with Alert Logic to safeguard business-critical data across the infrastructure and application stack, merging security technology, threat intelligence, and 24/7 security experts to deliver outcomes to any business.

However, due to the complexity of compliance, security and cloud, many organisations lack the expertise to carry out a strategic, holistic plan to optimise these processes. In fact, 69% of organisations queried in the Aptum Cloud Impact Study want to accelerate their cloud deployments but admit they need expertise and help.

Optimisation for organisations is best achieved with a partner 

IT security teams are now responsible for protecting a scattered workforce, with an increased number of threats and complex regulatory changes due to changing economic circumstances. Compliance and security can no longer be an afterthought. Through the cloud, businesses can mitigate threats and minimise risks as they arise to create an environment safer than any on-premise or legacy alternatives.

Although no single solution on its own can guarantee 100% data security and compliance, especially in a cloud approach, experienced partners can assist organisations in choosing the right combination of technologies.

A partnership with an experienced cloud service and security solutions provider that understands compliance challenges enables organisations to optimise their protocols and infrastructure stack to prevent issues at the onset. Working with a solutions provider to create and implement a comprehensive strategy based on the organisation’s needs will help companies operate in a more secure, compliant, trusted, and resilient manner, protecting their people, information, and reputation.

The companies taking these steps will be future-proofed for any unexpected obstacles or challenges that may arise. More importantly, they can guarantee compliance, reaffirm trust in the business, and ultimately grow faster than the companies not taking these steps.

Author

Ross is a member of Aptum’s leadership team, advising on all legal and regulatory matters, managing the commercial legal functions of the business, and maintaining the corporate governance processes. Additionally, he leads Aptum’s Business Assurance functions, which drive continuous improvement in information security and privacy standards, monitor strategic risk, and ensure the business maintains industry and regulatory controls and certifications. Ross has 14 years’ experience working in the legal technology sector and is a regular public speaker on major changes in privacy laws and how they impact the hosting industry. This deep operational knowledge of the industry, and how regulation impacts the business and its clients, provides invaluable insight into developing the necessary internal standards and practices to ensure our services meet the demanding requirements of our clients. Prior to joining Aptum, Ross worked with the law firm Shoosmiths in the UK on their technology and commercial teams. Ross graduated from the University of Exeter where he obtained an LLB in Law.
