Data Protection

Picture of Keypoard with CAUTION with mini caution cone Introduction:
The protection of data is becoming more difficult while the necessity is becoming increasingly more important. Data represents facts on the attributes of a given subject. In contemporary times, except for those in very remote circumstances, almost every human being is a data subject. Government agencies, retailers, airlines, hoteliers, health care providers, educators, financial specialists and social media are just some of the entities that collect and manipulate data related to people. Technology capabilities have advanced to the point where near limitless quantities of digital data on an individual may be retained, possibly forever.

Datasets representing an individual can potentially provide anyone else that possess the appropriate level of access with a broad scope of knowledge on the individual’s life. In the hands of someone with malicious intent, the dataset can become a weapon, possibly of destruction. So serious is this concern, that included in the General Data Protection Regulation (GDPR) is the clause ‘natural persons should have control of their own personal data.’ Similarly, the US Privacy Act (1974) stipulates, among other things, that individuals should be able to determine what data is collected, guarantee that collected data is used solely for the stated purpose and that this purpose must be legal. This encroaches the realm of privacy.
One tactic that has become a standard for addressing online privacy is the use of privacy notices. This is required by regulation in many jurisdictions and gives online users the option to accept or reject participation in the collection of personal data. Studies have found though, that there is a general misunderstanding of the content of these notices and most people are not aware of the full implications even after consenting to the terms and conditions.



Big Data

There are large and unique data protection challenges introduced by big data. Huge data volumes, data diversity, extensive linkage possibilities and the in-depth scope of analysis are among the principle characteristics of big data. Particularly, the wide-ranging link and analysis opportunities make it possible to indirectly obtain specifics on individuals. Challenges to data protection in the big data era has been the quantity of collected from volunteers and the level of surveillance being conducted on a continuous basis. Specifically, the growth in wearable devices and the Internet-of-things (IoT) continue to contribute significantly to the quantity and type of data being harvested about people.

Picture of 5 people using cell phones

Photo by Pexels



GDPR Illustration

Legality and Regulations

From a legal perspective, individual rights feature prominently and much debate ensues around this topic. Distinctions are made between data protection rights and privacy rights and scholars remain divided on this and other pertinent legal issues. Nevertheless, there is almost universal agreement that the right to privacy and the right to data protection are two fundamental rights that must be observed and enforced.

It must be stated that the emergence of the right to data protection has been largely fueled in the European Union (EU) by the GDPR. As expected, treatment of the right to data protection varies within jurisdictions external to the EU. It is notable however, that the GDPR stipulations follow EU citizens making the GDPR independent of geographical boundaries. For this reason, it behooves organizations conducting business with EU citizens to become compliant with the regulation. There is provision within the regulation for quite onerous consequences for violators.

Some regulations outside the EU include:

  •   PCI / PCI – DSS - https://www.pcisecuritystandards.org/ (USA)
  •   SOX or Sarbanes-Oxley - https://sarbanes-oxley-101.com/ (USA)
  •   GLBA - https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act (USA)
  •   HIPAA - https://compliancy-group.com/hipaa/ (USA)
  •   Data Protection Act 2017 - https://www.japarliament.gov.jm/attachments/article/339/The%20Data%20Protection%20Act,%202017--.pdf (Jamaica)
  •   Data Protection Act 2011 - http://www.ttparliament.org/legislations/a2011-13.pdf (Trinidad and Tobago)
  •   Data Protection Act 2019 - https://www.barbadosparliament.com/uploads/bill_resolution/7b81b59260896178b5aa976fdb87bfee.pdf (Barbados)
  •   Data Protection Bill (2016) - https://www.oecs.org/en/procurement/e-gov/data-protection-act (Organisation of Eastern Caribbean States)

Illustration of Cloud Base Backup
Illustrations..freepix - Concept Digital Works

Databases

A significant portion of data captured by organizations is stored in databases. Despite the growth in big data models and online cloud services, there are still a significant number of traditional styled on-premise databases in existence. The sensitivity of content of these databases will vary from low to high. Additionally, there is an emerging trend of storing backup copies of on-premise databases in cloud repositories. As a primary source of information, both on-premise and cloud databases are targets for malicious attacks and should be protected. Successful compromise of database security can potentially place the organization at risk for non-compliance with regulations. There are a number of approaches that may be taken to increase the protection of database content and TRUSTWORTHY Systems Inc. has partnered with a number of industry players to help organizations properly implement and manage these solutions. One of those partners is McAfee.

On-premise Database Security Solutions

Illustration of McAfee's DataBase Security Suite

Online Database Security Solutions

McAfee MVISION Cloud delivers cloud-native data security, a set of capabilities that protects information in today’s cloud-first technology landscape. The solution extends familiar security concepts from the client-server era including data loss prevention, identity and access management, encryption, and user and entity behaviour analysis, and reimagines them as applied to data in the cloud. The McAfee solution also layers in new controls built from the ground up for the security challenges enterprises face as corporate data moves to the cloud. It delivers complete awareness and control over organizational data and user activity in cloud services.



Illustration

Three steps to online data security:

First, McAfee MVISION Cloud identifies your information in the cloud. Secondly, McAfee MVISION Cloud integrates directly with cloud services, enforcing real-time controls over how information is accessed, manipulated, and shared within these services. Thirdly, McAfee MVISION Cloud applies protection to your information that persists wherever it goes: inside or outside the cloud.

Picture of Text supered over image

Encryption

A trend that is continuously progressing is the adoption and proliferation of mobile devices. These devices include laptops, tablets, USB drives, SD cards and a wide range of small devices with large storage capacities. These technologies make it difficult for organizations to track, control and manage data. This is especially problematic for situations involving sensitive data types such as financial, medical, design and intellectual property. Encryption provides a solution that is applicable to many scenarios. TRUSTWORTHY SYSTEMS Inc. can assist with deployment and configuration of the McAfee Complete Data Protection Suite of tools that provide encryption for entire drives, removable media, file, folder and cloud storage. The tools function within Windows and Mac environments and satisfy many audit and regulatory requirements. Stolen or lost encrypted data is typically useless to unauthorized people attempting to access it.

Data Loss Prevention

Data loss occurs when confidential or private information leaves an organization as a result of unauthorized communication via applications, devices or network protocols. Examples include clipboard software, cloud applications, email, network shares, printers, screen captures, browsers and web posts. Data loss events represent a major channel for data breaches and violation of regulations. Data loss prevention (DLP) together with data encryption epitomize a powerful solution to data breaches. Through our partnership with McAfee, TRUSTWORTHY SYSTEMS Inc. can provide a data security solution that allows organizations to protect valuable data from internal and external breach agents. There are four high level steps to the McAfee DLP process as outlined here: Classification – content classification may be achieved through the application of criteria such as advanced patterns, dictionaries, true file types and source or destination location. Track – Through content fingerprinting and registered documents mechanisms, McAfee DLP can track content based on storage location or the application used to create it. Protect – This step consists of the creation of rules to identify sensitive data and take appropriate action. Monitor – Incident management, case management, operational events, evidence collection, hit highlighting and reporting comprise the monitoring step.

Data Visibility, Classification & Retention

In addition to data security initiatives, organizations need to store data in locations and through methods that are separate and distinct from the primary data. This is especially useful in situations where the primary data has been rendered inaccessible. Data encryption through ransomware, data erasure or data corruption are examples of events that require data recovery. Therefore, when preventative approaches have failed, a functioning data recovery system becomes the last resort in data protection. While it is a fact that organizations have been employing data backup systems for as long as digital data was being processed with computers, recent changes in the treatment of digital data by organizations dictates strategic changes in backup and recovery approaches. Cloud migrations, increasing use of mobile devices and more affordable large-scale storage solutions are some of the main influencers of new backup and recovery models. With data widely distributed in several repositories, organizations need tools that yield greater awareness of storage locations. Moreover, many organizations retain data that is irrelevant and obsolete. Veritas Information Map (VIP) provides organizations with the capability to collect information about the data resident on Windows, Linux and Unix file servers, network attached storage (NAS) devices, Exchange server, SharePoint server, Amazon S3 cloud buckets, Microsoft Azure, Google Cloud and other public cloud platforms. With the visual map output from VIP, files can be classified based on risk, value and wastage. With this enlightenment, intelligent decisions may be made to reduce information risk and optimize information retention.

Data Management

The integration of Backup Exec or NetBackup with VIP and provisioning services from TRUSTWORTHY Systems Inc. will produce better data management for organizations. Implementation of a well designed and robust data management solution will permit organizations to recover from data loss and major data disasters. Use the following chart to obtain initial guidance on the choice of Backup Exec or NetBackup in your environment and let our consultants help you implement or upgrade your solution. As a Veritas partner, TRUSTWORTHY Systems Inc. available to help organizations roll out a complete data management solution across physical, virtual and cloud workloads.

Let TRUSTWORTHY Systems Inc. be the catalyst for risky behavior, change and development of a better digital experience within your organization.

Picture of TSI's Super Hero Character