echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Business Privacy Q&A with Heidi Shey, Senior Analyst Security and Risk at Forrester Research – Part 1

June 14, 2017

Part 1: The Most Critical Data Security Challenge IT Leaders Face

Leading up to our webinar with guest speaker Forrester Research Senior Analyst Security and Risk, Heidi Shey, we had a chance to ask her to address some of the questions around the challenges organizations face today in terms of ensuring business privacy and data security. We’ll be sharing Heidi’s key insights (and some of our own) in a five part series over the coming weeks.

Q1: What are the most critical challenges organizations face today in terms of ensuring business privacy and data security? Who should be most concerned?

Heidi: The biggest thing I see is a tendency to start from a position of focusing on tactical efforts like implementing a particular technology or issuing a specific policy. In these cases, there’s a lack of higher level strategy for business privacy and data security. Decisions about data controls are primarily reactive and compliance-driven. Often there isn’t a consistent understanding of what constitutes toxic data, or data that would be harmful to the organization if compromised, exposed, or lost.

Toxic data includes sensitive corporate data like intellectual property as well as regulated data like personal information, healthcare information, or cardholder data that would typically fall under compliance requirements. Organizations must realize that privacy and data security aren’t simply the concern of IT and security leaders. The board of directors, CEO, and line of business executives should all be concerned because business privacy and data security are matters of competitive differentiation and reputational risk today.


Virtru’s Take

Email encryption and data protection used to be seen as a tactical technology requirement for a limited number of employees within an enterprise. But this has changed pretty dramatically over the past couple of years. We’re now seeing more organization view business privacy and data security as an executive or board level concern that affects all employees across the enterprise.

This uptick in interest is driven by four factors:

  • An increased need to share information across organizational boundaries with customers, partners, and suppliers.
  • The well publicized failure of legacy security approaches to stop sophisticated attacks and data breaches.
  • Complex and ever-changing regulatory requirements that demand higher levels of privacy, especially for cross-border communications. Many of these regulations carry substantial fines and penalties,
  • The move to cloud based systems for email and file sharing. This eliminates the traditional perimeter and means that security has become more about protecting data, regardless of where it’s shared.

We’re also seeing enterprise requirements going well beyond standard encryption to include insight, audit, and control. Security professionals now need the ability to understand where and how enterprise information is shared and maintain the ability to remove access to critical content at any time. Virtru capabilities such as revoke, forwarding audit and control, expiration dates, and customer controlled encryption are all integral to these extended data protection requirements.

Interested in learning more?