Are there blind spots in your data compliance strategy?

There’s no getting away from data compliance issues. They present a significant challenge to businesses in every industry and around the world, a challenge which is only increasing as new regulations come into play. On top of HIPAA and PCI DSS regulations, which US companies have had to deal with for years, came the introduction of GDPR in May 2018, affecting all companies that deal with customers in the EU.

January 2020 will bring the California Consumer Protection Act (CCPA) into effect, which heaps more regulations onto businesses that interact with residents of California, and the New York Privacy Act still hasn’t been voted into law, but it also hasn’t gone away.
Image source: https://termly.io/resources/infographics/gdpr-vs-ccpa/


At the same time as regulations are increasing, data is multiplying. Customers require you to make it quick and easy for them to log in and check out, which means using cookies to record their personal details. Successful marketing has to be personalized and customized, requiring you to store even more customer data.
And yet businesses of all sizes are expected to maintain 100% compliance with data regulations. It’s no surprise that many of them fail.

Companies are not succeeding in keeping up with data compliance regulations

According to one report, 72% of companies are not fully GDPR compliant one year after it came into effect. These include corporations the size of British Airways, which was fined £183 million in July after a data breach that investigators blamed on inadequate security arrangements.
The upcoming introduction of the CCPA doesn’t bode well for data compliance. Some 70% of privacy professionals report that their systems won’t be ready to support the new regulations. According to the Financial Times, only 42% of businesses are prepared or expect to be prepared for CCPA by January, which, of course, means that 58% likely won’t be ready.
But the known lack of preparedness isn’t the real danger in data compliance.

The ‘unknown unknowns’ could bring down your compliance

To quote former US Secretary of Defense Donald Rumsfeld, the biggest problems facing your data compliance aren’t the “known unknowns” but the “unknown unknowns.” He wasn’t talking about data privacy when he said this, of course, but the principles definitely apply. The real killers here are the blind spots in your compliance strategy which mask holes that you don’t notice and don’t know about.
Image source: https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/


If you already have data loss prevention practices in place, chances are solid that you’re most of the way towards data compliance. You’ve probably already covered the basics, like appointing a dedicated data protection officer, or even a data protection team; setting strong access controls and encryption rules into place; and implementing a system of automated alerts so that you’ll know about any potential data breach as soon as possible.
These are all vital steps, and they bring you about 80% of the way to full data compliance. Unfortunately, the Pareto principle takes an ominous turn here and hints that closing the remaining 20% of the distance is likely to take more work than the first 80%.
However, failing to do so could end up undermining all your data compliance efforts so far.

Shining a light into shadow IT

We live in an age where the self-service nature of SaaS apps makes it super easy for your employees to pick and choose the best tools for them to do their job. Add to that the tech know-how of a generation of digital natives, and you have all the ingredients you need for a disaster of epic proportions.
IT teams are increasingly losing their grip on what’s termed “shadow IT.” This refers to the dozens of apps that employees use to process, analyze, and respond to confidential customer data.
The trouble is that you don’t know what apps they’re using, which data is stored on those apps, or what type of controls and safeguards are in place to prevent external actors from hacking into the apps.
That’s why, to quote Uri Nativ, co-founder and VP engineering of the SaaS management solution Torii, “Your IT department must take back control of their organization’s tech stacks immediately. A single system of records for all your SaaS is the foundation of compliant SaaS management.”
Torii steps in to create visibility into murky SaaS tech stacks. It enables IT managers to discover, investigate, and control access to SaaS apps, setting limits on data access and removing unreliable apps. With Torii, you can also put automated workflows into place to ensure that employees who leave the company no longer have access to their apps or the data stored therein, a gap that has already led to a breach and a fine for at least one company.

The right tools can clear up your blind spots

There’s no denying that data compliance is a huge challenge, and one of its biggest elements is the blind spots that prevent you from keeping track of confidential user and customer data.
The good news is that the right tools like Torii can clear up those blind spots, ensuring that you always know where your data is and what safeguards surround it, and keep your company out of a compliance-driven storm.


Irfan Shakeel
Irfan Shakeel is the founder of the ehacking project and also hosts cyber security training classes at EH Academy. He has discovered many vulnerabilities in well-known platforms (such as Google, Dailymotion, and Harvard University). He specializes in network hacking, VoIP pentesting and digital forensics. He is the author of the book “Hacking from Scratch”.
