Cybersecurity, cloud computing and a handful of other issues will be among the top data security concerns of the new year, according to a report from Thomson Reuters News & Insight.
Even after the myriad data breaches and cyberthreats that occurred in 2011, Cynthia Larose of law firm Mintz Levin noted that 2012 will be a "watershed year" in terms of Internet security and privacy.
"Companies could be forced to change how they store and use customers’ personal information," Larose wrote. "At the least, businesses must ensure they have robust processes and systems in place to protect private data."
In regards to cybersecurity, Larose highlighted a need among businesses in every industry to reassess the way they control data and handle personal information. She stated that companies must be proactive in the way they protect consumer information, adding that data security should be "entrenched in everyday business practices."
In order to accomplish this, Larose offered three measures that should be considered. First, she said, businesses must be aware of what information they store, where it is located and how it can be secured. Then, she recommends restricting access to certain information, ensuring that only authorized personnel can view data while making it unreadable to others. Finally, she suggests "having ample documentation of security systems," noting that if regulators do investigate a company, it will be able to prove that it is taking reasonable measures to keep sensitive data safe.
Larose also pointed to cloud computing as a pervasive security concern for 2012. According to a study from IBM, 60 percent of CIOs surveyed say cloud computing is part of their plans to increase competitiveness and improve business operations.
However, in order to be most effective, businesses will need to devise strategies for keeping customer information stored in the cloud safe from data breaches and loss.
Larose noted that there are several cloud security and privacy concerns that business must address. One is the ownership and governance of data across international borders. In the cloud, data is not necessarily being accessed from the same country where it is stored. Therefore, there is some confusion regarding the ownership of such information and who has jurisdiction over it.
This is especially evident when considering the United States and the European Union. The USA Patriot Act gives the government somewhat broad authority to compel organizations to turn over private information. However, as Larose pointed out, this conflicts with the EU's data protection laws, which are significantly more restrictive when it comes to sharing information with third parties operating outside of the union.
Another concern deals with cloud computing regulations, or lack thereof. Several industry organizations have attempted to establish cloud computing standards, but no government body has staked its authority over the burgeoning technology. In the United States, Larose said, this may change in 2012, as the federal government could put in place comprehensive regulations for cloud computing.
Larose also cited the prevalence of location-based services, international privacy laws and data protection legislation as other security concerns for 2012.
Each of these issues could point to data-centric security measures as the solution. With more information being stored online, the number of channels through which it can be accessed has increased dramatically in recent years. As such, it is no longer enough for companies to simply guard individual endpoints.
Instead, it is becoming evident that organizations must protect the data itself though encryption, cloud-based securities and a number of other measures. In most cases, this will prove to be the most effective means to ensure personal data isn't lost or stolen.
Cloud Security News from SimplySecurity.com by Trend Micro