The Best of Both Worlds: Data Privacy Regulations and Enhanced Security Postures

For years, European data privacy laws have eclipsed those in the U.S., but the tides may be changing. To safeguard the increasing amounts of digital data, policy makers in the U.S. are focused on adopting stringent regulations to push the data privacy initiative. Inspired by the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), at least 10 states in the U.S. are expected to pass data privacy laws in 2020.  As such, enterprise businesses
must rethink their privacy programs to comply with and support data handling processes.

Consumers are typically the owners and source of private data while enterprises process consumer data. The CCPA requires all California businesses to implement and maintain security practices in protecting consumer
data, and provides residents with the right to access personal data. GDPR and CCPA both impose strict fines on non-compliant companies,

In infosec, the mantra has always been that compliance does not equal security and these new programs will prove no different. Data compliance regulations alone should not be positioned as a cybersecurity strategy. Instead, they should be used as a framework to data security that can help businesses address cybersecurity risks. The dynamic nature of cyber threats mean businesses need enterprise security architecture to manage these risks and should implement a strategy that combines both compliance and security. To maintain effective security and compliance, follow these four steps:

1. Secure Software Development: A software development life cycle (SDLC) helps establish a framework to define how each task should be performed in the software development process. SDLCs help maintain secure environments that support business needs with policies, procedures and standards that describe how to develop, maintain and replace software. Utilizing an SDLC can ensure security and maintain compliance.
2. Encryption and Key Management: If you’re encrypting data, evaluate sensitive data that may be in your system. If the data is not necessary, it needs to be securely disposed of to eliminate unnecessary risk. Additionally, your encryption key management program should be fully documented, protecting keys during storage and replacing them when weakened or compromised. This will help keep you secure and compliant with applicable frameworks.
3. Hardening and System Patching: Your businesses’ patch management program should include policies and procedures on how updates are deployed, the frequency that items will be reviewed, timing requirements for deploying a critical patch, and the testing requirements and methods. A vulnerability identification program will help ensure security and maintain compliance.
4. Firewall and Router Management: Firewall and router management are important to managing a secure environment. Managing the security of a device goes further than the device itself – it includes looking at your network environment holistically. Focusing on the security of physical devices, operating system security and secure traffic rules will help improve your security posture, as will hardening network devices for secure management.

Carolina Advanced Digital offers a breadth of security solutions including products and services for security reviews and assessments, full disk encryption and secure key management, Network Access Control (NAC), endpoint security, firewalls, sandboxing, and professional and managed services. Contact us today to schedule a free call with a team member to discuss your needs.

You can also see related technologies at our upcoming IT Hot Topics Conference. For more information visit https://hottopicsconference.com .