enterprisesecuritymag

Navigating the World of Cybersecurity Risk without Impacting Day-to-Day Business Operations

By Andrew Neal - President, InfoSec & Compliance Services, Information Governance, TransPerfect And Sophie Best, Director, TransCEND

Andrew Neal - President, InfoSec & Compliance Services, Information Governance, TransPerfect

With the proliferation of data privacy and information security regulations around the world and the multimillion-dollar fines being faced by companies such as Google, British Airways, and Marriott, it’s no surprise that security and data protection are at the top of many corporate agendas. Yet despite the increasing awareness of—and need for—cybersecurity, business must go on. Success often requires that we communicate, share data, and digitally interact with our clients, business partners, and other stakeholders. The challenge is in providing the means by which to do so securely, avoiding the risk posed by portable media, email, or self-provisioned shadow systems.

The ongoing development of cloud-based solutions, whether at the platform or service level, has created opportunity for problem solving and business enablement. Again, however, it has also increased the associated risk. Cloud-based data sharing solutions can be quickly provisioned by nontechnical personnel and rapidly integrated in the adhoc workflows to transact business. Our extensive experience in digital forensics and post-incident data handling has shown these high-speed and innovative attempts to satisfy a legitimate business need may circumvent controls and risk assessment processes, creating unwanted and unmanaged exposure.

"Leveraging technology to meet risk management goals while facilitating business processes is best practice for meeting both regulatory requirements and user and client obligations"

We find that many organizations are seeking the same thing: a platform or process that supports the rapid pace of communications required by the current business environment, while reducing data-centric risk. TransPerfect, working with our partners at Microsoft, is part of that wave of innovation. Together, we develop solutions that facilitate business by providing a secure way to share information.

The wish-list for information security and data privacy professionals, whether it is for document sharing in an M&A transaction, exchanging sensitive materials with a client, or sharing data with a third-party service provider, shows some common features that are important in a secure document-sharing mechanism. Key features required for this class of solution include:

The ability to control user access, both internally and externally, very rapidly

Business processes must be enabled, however, with the ability to quickly control from a security standpoint.

The highest level of control over which content is released to whom

Many businesses hold a huge amount of data very few people are privileged to see in full. It’s of the utmost importance that businesses have confidence that they can share critical information with relevant parties only.

Sophie Best, Director, TransCEND

Advanced searching

We’ve seen clients who have a huge volume of data available to them, yet can’t make use of that information securely. Having a system that not only allows secure collaboration but also provides secure searching brings a whole new aspect to efficiencies within the business.

Full auditability of who accessed which content and when

In a world of investigations, it’s imperative that businesses can legitimately prove where and when access occurred to sensitive and general corporate information.

End-to-end encryption

With cybersecurity risks at an all-time high, having the highest level of protection around sensitive information that has to be shared is a must.

Mechanisms to enforce geography-based or IP limitations on access to data

Clients are able to give flexibility to their business users who need to review information without imposing more risk.

Flexibility as a solution

Technology doesn’t stand still, and therefore neither should solutions. As challenges change, it’s imperative to stay on top of solutions to help clients find the right fix.

Ease of use (which is often forgotten)

While security is always a top priority, allowing business to go on efficiently is just as important.

The consumerization of cloud-based data-sharing technology has made end-users and clients aware of the speed and convenience available in the data-sharing-solutions marketplace. This viewpoint contrasts with business leaders who are painfully aware of the proliferation of punitive data-centric security and privacy regulations and the contractual requirements of business partners. How do you satisfy both groups? First, identify the data and materials that must be shared securely. Second, find a platform or solution that meets the key features listed above while integrating well into your environment. Lastly, continuously monitor and assess whether your use of the solution is meeting your security and regulatory compliance requirements.

Data security and privacy regulations, and their potential to trigger penalties, are here to stay. Cloud and other technologies provide solutions to meet our regulatory obligations. Leveraging technology to meet risk management goals while facilitating business processes is best practice for meeting both regulatory requirements and user and client obligations.

Check out: Top Web Security Solution Companies

Read Also

Cyber Risk is Business Risk

Cyber Risk is Business Risk

Christopher Porter, SVP & Chief Information Security Officer, Fannie Mae and Member of the Board, FAIR Institute
The Weakest Link

The Weakest Link

Mitchell Taylor, CIO/Director of IT & Security, CalSheets LLC
Balance Must be Created Between Applications And Managing Security

Balance Must be Created Between Applications And Managing Security

Phil Bertolini, CIO& Deputy County Executive, Oakland County

Weekly Brief