Security compliance has become a hot topic following the rise of various regulations including the European Union (EU) General Data Protection Regulation (GDPR), Basel Committee on Banking Supervision’s standard (BCBS) 239 and the California Consumer Privacy Act (CCPA). As shared in a Capgemini report from 2019, the percentage of organizations that are fully GDPR-compliant stands at less than 66%.
Where does the broader issue behind compliance stem from? The relationship between organizations and the people they market to is evolving. From data privacy regulations such as GDPR and CCPA to existing marketing legislation like the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM act for email, consumers are increasingly demanding control over the level of contact they receive as part of a business relationship. This makes data quality more important, as accurate data is critical to prevent any violations and to avoid penalties.
Companies are adopting GDPR readiness assessments to identify current privacy gaps with respect to the GDPR and to develop the strategy road map, including data anonymization, data retention, data minimization, etc.
Enterprises also have created frameworks for securely storing and applying customer-managed security keys to access data and services in a multicloud environment.
Privacy by design includes privacy at the inception stage of new devices, networked infrastructure, IT systems and even corporate policies. Developing and integrating privacy solutions in the initial project phases proactively identifies problems and helps prevent them in the long run.
Privacy solutions in the past often have been installed as a reactive measure after the occurrence of a breach. Privacy by design aims to make data privacy a more proactive and prioritized feature for developers and business administrators.
Privacy by design also can be implemented taking on the challenge of complying with data protection standards. For example, the GDPR mandates robust security for personal data. Recommended privacy protection practices include data minimization and pseudonymization, which are in harmony with privacy by design.
Infosys partnered with a top American bank to integrate data privacy and security implementation that encompassed various technology streams such as the internet of things, big data, analytics, mobile platforms, social media marketing, cloud, etc.
An American agricultural equipment manufacturer used privacy engineering, assurance and advisory services for the design of an application.
A Belgian courier company was provided recommendations by Infosys to design, develop, and implement a portal compliant with EU data privacy regulations on various platforms.
Enterprises now can focus on core capabilities because data storage concerns have been eased by cloud adoption. Behind the increased need for cloud security solutions are major concerns about privacy and security breaches. This means that within the cloud security domain, cloud access security brokers (CASBs) are rising to new levels of prominence. Between 2019 and 2025, it’s predicted that the worldwide CASB market will expand at a compound annual growth rate of 16.9%. The reason for this growth is widespread deployment by a multitude of business, both small and medium size. Given how flexible the CASB solutions are, it is no surprise that the adoption rate has been as high as it is for SMEs.
CASB helps in shadow IT audits, scanning and protecting data on cloud storage and preventing data leaks on software-as-a-service applications. It enables evaluation of compliance and security requirements. CASB encrypts and tokenizes data while also stopping the upload of sensitive material. Based on location, operating system and device, different levels of cloud service functionality and data access are granted to each user. Gartner reveals that the percentage of enterprises securing their cloud applications with a CASB will be 60% by the year 2022.
Infosys has invested in a modern security stack (multifactor authentication, conditional access, virtual private network, terminal access, endpoint protection platform, endpoint detection and response, data leakage prevention, patching, hardened build, etc.) for endpoints, which gives us ongoing assurance of security of these devices and relevant insights as well. Our remote monitoring and management solution stack provides unified control and visibility into our entire IT infrastructure, so servers, networks and endpoints can be actively and remotely managed. We are rapidly upgrading this infrastructure to support the exponential need for remote access.
To keep yourself updated on the latest technology and industry trends subscribe to the Infosys Knowledge Institute's publications
Count me in!