Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Where Data Governance and Employees are key to Protection
By Anne Hardy, Chief Information Security Officer for Talend, a global leader in data integration and integrity.
2020 has been a year many would like
to forget, with so many domestic and global challenges. But it is important to
look back in the rear-view mirror to reflect on what happened, so we know where
we came from in order to move forward with significant inertia into 2021. Here
is what Talend's Chief Information Security Officer, Anne Hardy, is predicting
for this year. Even if only one comes true, data legislation and access are
destined to be quite an exciting ride.
Consumer protection protocol
becomes a national conversation. CPRA passed in California, and
there's a proposed bill to make a national consumer data protection act in Congress. Whether or not federal consumer
protection legislation is passed in Congress, it'll be passed in the court of
public opinion. The more consumers are made aware of the issue, the more it will
benefit enterprises to maintain airtight practices for protecting their consumer
data. In 2021, we'll see major spending on data management and protection to
ensure valuable data doesn't become a public perception liability.
Business continuity and operational
risk management interest takes precedence. It is not a question of
"if," but rather "when" a disaster will strike. Responding
to an incident in crisis mode without the benefit of planning, coordination,
and testing can result in more downtime, higher recovery costs and times, a
potential negative impact on brand and reputation, and business loss. In 2021,
with the continued impact of COVID, we are likely to see even more interest
from businesses, customers and investors regarding operational risk management,
business continuity, and resiliency.
Data security governance is a
required and critical building block to threat mitigation. Until
recently, most data governance programs have focused on data flows and
analytics without thinking much about security. New data privacy laws and
regulations have forced data stakeholders such as the CDO, CFO, CISO, and DPO to
make data security one of the necessary building blocks of their data
governance efforts. But data security governance is complex, as no single vendor
product can implement all required data security governance controls. In 2021,
as businesses continue to collect and process more and more data, they will
have to figure out how to quickly unify their information, so their entire
organization is drawing information from the same, trusted and secure well.
Next, businesses need to implement and manage their data source through a data
protection system with necessary privacy controls in place, so data threats are
mitigated. These steps will ensure future business and financial risks are
minimized.
Cybersecurity is part of everyone's
job. Cybersecurity is a 24-7 responsibility for everyone because
it touches everything. For a long time, it was hidden away in IT and thought of
as an IT issue, or sometimes as a compliance problem. But now awareness is
growing around the concept that everyone's job requires being a good
cybersecurity citizen, especially inside the company, as the greatest threats
are from within! The weak links are the employees and insiders who do something
wrong or are not careful enough. We can put as many controls in as we want, but
ultimately, we rely on employees' safe behavior. It's great that more people
are understanding that now.
Cyber security is a journey, not a
destination. The cyber security landscape is always evolving - new threats, actors,
and risks arise constantly. The worst is probably that we don't know what the
worst is! There is lots of collaboration happening by the bad guys, and
probably less on the side of the enterprises needing to defend themselves. 2020
was a wakeup call for many organizations. That is why we must be vigilant and
learn from history. By its very nature, cyber security is ongoing and
iterative. No system is 100% secure. That is why companies must remain focused
on the long-term journey to cyber security by making impactful, data-driven
decisions that will enable them to always be prepared and agile.
##
About the Author
Anne Hardy is the Chief Information Security
Officer for Talend. With over 20 years of technology experience, she brings an
extensive background in security technologies and architectures, data privacy
standards, and cloud security. She was most recently the chief security officer
for Join Digital, which provides managed digital services to enterprises.
Prior to that, Anne founded a company that
developed a cloud-based software solution for analyzing employee experiences.
She also worked for over 10 years at SAP, where she held executive roles in
security, research, and developer advocacy. Anne currently sits on the Anita
Borg Institute's Board of Trustees and founded the Dare2BDigital conference.