Tuesday, 01 June 2021 16:51

Tighter data regulations mean we need to run tighter, embedded data protection programs

By Meri Kukkonen
Meri Kukkonen, Head of Australia/New Zealand, Progress Meri Kukkonen, Head of Australia/New Zealand, Progress

Guest Opinion: Six years ago, GDPR made its appearance on the international data protection scene. Since then, the global and local regulatory landscapes around data protection and cybersecurity have greatly expanded.

As our economy becomes increasingly digital, growing cyber threats are outpacing most companies’ ability to manage it effectively. This is putting in jeopardy the safety of organisations’ most important IP today: data.

The Australian Government, regulators and industry bodies including the OAIC, the ACSC, the AISA, the APRA and more are all taking proactive steps to try and keep up with the expansion of the data risk landscape.

The Data Breach Notifications Scheme, the Privacy Act, the Security of Critical Infrastructure Act, the National Cyber Security Strategy - are all constantly evolving, while new regulations are being discussed. We’re even seeing state-led regulatory initiatives emerge, for example with NSW announcing the introduction of new data breach notification laws for all NSW public sector entities.

How can organisations - and their IT teams - keep up as cloud and file transfer methods are allowing data to move more freely than ever?

Keeping up with rising regulations: embedded cybersecurity needed

Most organisations today are not equipped to deal with the expanding regulatory landscape while juggling evolving security threats.

Just look at GDPR - many still struggle with compliance six years in.

This is especially true for industries such as financial services, utilities, healthcare, and the public sector which are handling sensitive information and often struggle to simply keep up with data security and privacy basics.

But instead of taking proactive steps to secure data at the source - which would ease up regulatory compliance - most organisations are adding layer upon layer of security technologies. This approach is simply ineffective if the data itself isn’t secure.

Government and industries need solutions where cybersecurity is embedded at the core of the data and business processes, instead of relying on users and infrastructure-based security.

Stewart Bond, research director, Data Integration and Intelligence software research at IDC recently pointed out that businesses must adjust their strategies to manage today’s new hybrid workforce and maintain secure and trusted remote file transfers to safeguard the sharing of data.

File encryption automation key to achieving and future-proofing compliance

Organisations today need to be able to quickly and easily share critical information without risking the security of this information.

This is why file encryption is non-negotiable.

Furthermore, the pace at which data is created and exchanged, and at which regulatory requirements are changing means that encryption also needs to become automated.

Progress is working with many Australian organisations in industries dealing with highly sensitive data, and compliance is a recurring pain point for their IT teams. This is why we have released a new version of our secure file transfer and automation platform MOVEit which addresses the most critical market developments and top customer concerns in security, usability and integration.

Only file transfer platforms that offer encryption automation can provide the level of security and privacy needed to achieve and future proof compliance. 

Empowering DevOps and DevSecOps teams with next-gen file transfer platforms

DevOps and DevSecOps teams are at the frontline of data protection and encryption. Yet, they often feel overwhelmed by the sheer volume of regulatory requirements. 

Organisations must understand the key role DevOps and DevSecOps teams play and provide them with tools that are fit for purpose.

This includes investing in platforms that allow visibility across core business processes, provide compliant transfer of sensitive data between partners, customers, users and systems, and ensure each piece of data is intrinsically secure with encryption.

Priorities should be put on capabilities such as data encryption at rest and key rotation, multi-factor authentication, lockout mechanisms to prevent password attacks, integration options to be fully compliant across storage and cloud vendors, and APIs for integrating with third-party systems and automating workflows.

This makes it easier for DevOps team to ensure compliance with both regulator and corporate governance requirements – automated, tamper-evident logs will automatically provide proof of compliance - and offers significant improvements over trying to keep up with the accumulation of employee-driven cloud services.

For DevSecOps, all file-related operations can be implemented within a secure framework where access policies are continually respected, and security is built in from the ground up.

Regulations will keep on changing. If IT teams can’t properly automate the encryption of data at scale, they’ll always be one step behind.

It is important Australian organisations look at file transfer methods that can secure data during all aspects of its journey, from creation to final deletion, and invest in platforms with a level of encryption automation. This approach means organisations won’t even have to worry about changing regulations, and IT teams can focus their time on driving value for the business rather than playing data security catch-up.

To learn more about Progress or request a MOVEit demo, contact Victor Tan


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments