It seems that every month, another data breach occurs and our private information is no longer private. We are now exposed to potential identify theft, credit cards being sold on the dark web and our credit rating in chaos. Some people feel vulnerable sharing personal data with companies while other groups like millennials voluntarily open their entire digital life. Data has been monetized so effectively, it’s the new gold. As a company who stores personal data about others with whom you do business, data breaches are always on the mind of company leaders. How do we make sure we don’t end up on the front page of the Wall Street Journal? How do we earn the faith of our customers that they can trust us with their data?
Companies spend millions of dollars each year to become and stay compliant with various regulations such as HIPAA and Sarbanes-Oxley and providing attestation of compliance for PCI and SSAE 16. They have employees who spend hours combing through reports and various software packages putting together data to support compliance. It’s a never-ending task and you are still not fully assured that the data is secure.
Algro takes a different approach to the data security strategy. Instead of putting controls in place to meet specific privacy regulations and security standards, we support an approach of overall data security. It sounds simple but, takes a lot of planning, work and culture shifts to be successful. However, by taking this approach, the company can be compliant with most all regulations and spend much less money and time on data security. Some nuances may still be needed on how to establish your security practice for regulations like PCI which are more prescriptive on how security is to be administered. Basically, regulations and compliance standards are various perspective of data security.
One key component of a strong data security approach is to have a “culture” of data security. What does that mean? Data security should not be approached as an IT event. It is incumbent upon every employee to think like a security person; it should be part of the company culture, in its DNA. If employees perform their jobs with security as another standard process, the data they manage day to day will be secure. Therefore, core business processes need to be assessed for how data in these processes are handled and stored and retooled to have security integrated into those processes, not an afterthought control.
Algro takes a different approach to the data security strategy. Instead of putting controls in place to meet specific privacy regulations and security standards, we support an approach of overall data security. It sounds simple but, takes a lot of planning, work and culture shifts to be successful. However, by taking this approach, the company can be compliant with most all regulations and spend much less money and time on data security. Some nuances may still be needed on how to establish your security practice for regulations like PCI which are more prescriptive on how security is to be administered. Basically, regulations and compliance standards are various perspective of data security.