Data security regulations + a spending disconnect

Posted by Camden Swita on March 23 2017

This is a repost of our first weekly newsletter. We'll bring you insights from our executive team, news and information about data governance and methods you can use to prevent leaks. We’re looking forward to your feedback and hope you enjoy the read. If you'd like to receive future editions, please subscribe.

Widespread Adoption of New Financial Data Regulations

If you don’t do business in New York or work in the financial services industry, the New York State Department of Financial Services (NYDFS) rules that took effect March 1 won’t directly impact your day-to-day…yet.

I say “yet” because other states are looking at the rules as possible blueprints for their own regulations. Significant takeaways from the regulations include:

  • Covered NY entities (banks, insurance companies, financial services providers, etc.) are now required to have a Chief Information Security Officer (CISO) and he or she must report to the company’s board of directors about cybersecurity and compliance issues.
  • Based on an organization’s cybersecurity risk profile, it must produce and deploy cybersecurity policies and programs. The goal of said programs and policies, of course, is to reduce cybersecurity risk and prevent incidents from occurring.
  • Data security programs must address a variety of issues that many organizations may or may not already have covered. These include encrypting not just customer information but also “nonpublic” information (which is a pretty broad catch-all), detailing incident response plans, using multi-factor authentication, training employees on data security best practices, supervising employee behavior and retaining sensitive data in secure environments.

Perhaps the biggest impact on corporations’ bottom line is that they’ll need to provide proof of compliance to the state. Anyone who has worked with a government regulatory agency knows that this is much easier said than done.

Many data security industry experts speculate that the adoption of these New York regulations and the EU Parliament’s recent push for more data governance regulations signal the beginning of widespread adoption of similar policies across the US. If your organization hasn’t already begun mapping out its data governance procedures, now would be a good time.

Spending More to Secure Less: Thales’ Big Disconnect Study

International market research firm Thales recently released its 2017 Data Threat Report. A major theme in the study is a growing disconnect between the amount of money surveyed organizations are spending on data security and the effectiveness of their strategies. Budgets are soaring in 2017:

[Figure: Thales security budget graph]

Yet the number of respondents who had a data breach in the past year went up:

[Figures: 21 percent circle; 26 percent circle]

So where is the disconnect between spending and effectiveness? Thales thinks spending priorities are out of whack at many organizations. Most spending is still in network and endpoint security, two areas that are proving less and less effective as workforces move further away from the home office and user devices diversify.

[Figure: Thales spending priorities]

According to Thales, protection for data at rest and data in motion needs to be higher on every organization’s priority list. Device and network security isn’t enough. Organizations need to protect the data itself, regardless of where it is or who has it.

This Week in Data Leaks

Our list of notable data leaks and incidents over the past week:

 

Vaultize is an innovative data security company that allows customers to track and control their documents from creation to deletion on any device, anywhere. From CYA to compliance, Vaultize provides data protection without restricting use. Vaultize’s platform utilizes DRM and encryption to secure any and every file, protects those files no matter where they travel, and provides visibility into who is accessing them and how they are being used. The Vaultize platform is transparent to users, scalable and flexible to deploy. For more information, visit www.vaultize.com.

 
