In addition to data privacy laws, organizations may face a myriad of other requirements like PCI-DSS for credit-card handling and HIPAA for health information, as well as environmental, social and governance (ESG) efforts pushed by investors and others.
To assure compliance, companies typically establish a cohesive and uniform program by adopting a data privacy framework like the NIST Privacy Framework or ISO 27001, then building upon it.
That’s where our other key trends for 2022 come into play.
Compliance and the Changing Threat Landscape
A central requirement of every compliance framework is a robust defense against data leakage and theft. These breaches are often a component of ransomware and other attacks, but are sometimes due to careless or malicious handling of data by insiders. We’re strong proponents of the fundamentals of cybersecurity and best practices like updating malware signatures and applying vulnerability patches as they become available.
Future-ready NGFWs, as well as server, cloud and application protection, are vitally important in preventing data leakage, as is micro-segmentation of VMs to block unauthorized lateral movements of multi-stage, multi-layer attacks. Botnet C&C prevention can ‘cut off the head’ of ransomware and other threats, preventing communication back to the hacker and effectively negating the threat.
Two newer technologies, zero-trust network access (ZTNA) and extended detection and response (XDR), also bear investigation: ZTNA for its ability to tightly control access with improved security, and XDR for its ability to more accurately identify and rapidly respond to threats.
The Expanded Network Edge: Cloud and Remote Workers
The cloud and the distributed workforce both represent an expansion of the network edge, though they have dissimilar impacts on compliance. The majority of public cloud offerings, for example, offer services that can be compliant with various privacy laws, as well as guidance and support in achieving compliance. Private and hybrid clouds place more of the burden squarely on the shoulders of enterprise compliance and IT teams, though careful considerations are required regardless of the cloud model.
The distributed workforce represents another area of concern for compliance, in that access control to sensitive data must be tightly managed, and any connections over which the data will transit must be secured as well. SD-WAN and ZTNA are two technologies to consider; SD-WAN, for example, offers a number of benefits over VPN for securing remote workers.
AI and Compliance
Another of our key topics for 2022 is artificial intelligence and its subcategory machine learning (ML). AI and ML are becoming widespread in security technologies and providing assistance in threat detection, correlation and analysis, hunting and coordinated response. In terms of compliance, AI and ML are utilized in User and Entity Behavioral Analysis to detect malicious insiders and external forces that can compromise protected data.
If this information is helpful to you, read our blog for more interesting and useful content, tips and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will assist you with your query.
Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.