Virtualization Technology News and Information
VMblog's Expert Interviews: SolarWinds Discusses the Privacy Evolution and Cybersecurity Following GDPR Anniversary


With the one-year anniversary of GDPR this past weekend, let's reflect on today's privacy and cybersecurity landscape.  The world is in the midst of a privacy evolution; privacy is not "dead" as some may claim, but it is changing.  We should anticipate additional changes to what privacy looks like, and how we manage it, in 2020 and beyond.  I recently spoke with Tim Brown, vice president of security, SolarWinds, about a few top tips and best practices for maintaining security in this privacy evolution.

VMblog:  Let's start with the basics of cybersecurity.  How should technology professionals prioritize security and help ensure privacy in their organization?

Tim Brown:  First, technology professionals managing security practices in their organization must always meet the needs of basic cyberhygiene, including: managing and patching machines; having a backup in place; and establishing a solid cybersecurity program. With basic cyberhygiene practices in place, tech pros should also go beyond the basics of cyberhygiene. 

Examples of transcending basic cyberhygiene range from understanding tech environments to uncover any potentially hidden data risks and help explain key elements to business leaders; educating everyone in the organization (from the intern to the C-suite) on cybersecurity best practices and the risks to data/implications of a breach; adopting threat monitoring and detection tools to help effectively manage and protect a tech environment while not relying entirely on the "new shiny security tool;" and practicing good password hygiene. Notably, poor password hygiene is often the root cause of ransomware attacks as vulnerabilities like retaining default passwords for firewalls make businesses low-hanging fruit for cyberattacks.

VMblog:  How can businesses prepare for, and manage, this privacy evolution?  How has GDPR affected security and privacy since its implementation last year?

Brown:  First, it's crucial to know the chain of data. GDPR holds every company in the supply chain accountable to prioritize security and privacy. This means that a company must ensure its vendors are also GDPR compliant and even its vendors' vendors. Know the data you have and be cognizant of whom you're sharing it with - understand the chain of data to ensure privacy and compliance.

It's also key to understand and manage data requests. Do you know your data inside and out - where it is stored, how to respond to requests about data, and how to protect it? Not all breaches are created equal. It's important to understand how to protect data effectively, from any and all threats - for example, if a system is lost with data on it, you must be sure it's encrypted and the data is not accessible.

VMblog:  What is driving this privacy evolution in the enterprise and throughout businesses?

Brown:  One phenomenon driving the privacy evolution is remote working. While the bring-your-own-device (BYOD) era kicked off several years ago, by now it's second nature for employees - and with this shift, remote working has increased in popularity. Tech and security pros must now manage the modern-day workplace where employees are working outside the traditional four walls. Remote working has made "the workplace" impossible to define as a physical location. With this shift, technology professionals and IT teams need to shift from managing devices to managing people, to stay one step ahead of such a rapidly evolving reality.

In addition to educating employees in best practices for good cyberhygiene, tech and security professionals can also follow the 80/20 rule, where companies treat 80 percent of the people in a similar fashion, while treating the riskier 20 percent of users with a higher level of security. Access should only be allowed via corporate devices, where multi-factor authentication is mandatory, behavioral analytics are applied, and full auditing must be carried out regularly. Another way to facilitate privacy is to implement a "zero-trust" policy. To protect in an age of remote working, assume untrusted actors exist both inside and outside the network and ensure every user access request is authorized.

VMblog:  What about from a personal perspective?  Is the privacy evolution impacting our personal lives and if so, what can we do to protect our data - and ultimately ourselves?

Brown:  In today's privacy evolution - which most definitely spans our professional and personal lives - we must reflect on a difficult question: do the benefits associated with giving up our privacy outweigh the risks? Consider this: services we use every day (such as GPS apps or social networks) wouldn't exist without our data. Are we willing to give up privacy in exchange for these benefits? In most cases, the answer is yes. Two ways to help ensure security to enjoy the benefits of these services are to replace passwords with passphrases. Passphrases increase the likelihood of remembering your password and make it more difficult for hackers to crack. Additionally, know your accounts. Use different passwords depending on the "importance" of your account - leverage a few "throwaway" passwords and email addresses for low-importance activities.


Tim is the VP of security for SolarWinds with responsibility spanning internal IT security, product security, and security strategy. As a former Dell Fellow, CTO, chief product officer, chief architect, distinguished engineer, and director of security strategy, Tim understands the challenges and aspirations of the person responsible for driving digital innovation and change. Tim has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security.
Published Thursday, May 30, 2019 7:32 AM by David Marshall