Blog

Complying with CCPA – What are some of the landmines?
Data breach Data security Privacy

Complying with CCPA - What are some of the landminesThe potential landmines for compliance with CCPA is pretty high.

One of the first things is that a lot of companies don’t know how to interpret the law. We saw that with GDPR for the year prior to it going into effect. CCPA is a lot like it, but there are likely still questions.

Secondly, is the DSRs (Data Subject Requests) or the right to be forgotten. People are very in tune with their privacy these days and will want to act on it, not only for the reduction of spam, but for the identity theft potential. The requests will likely come too fast and companies with a lot of data containing personally identifiable information (PII) – the very thing those DSs will be after them for – will find themselves in a position where they don’t know where to start.

Live Webinar: Overcoming Unstructured Data Security and Privacy Choke Points

Why do so many data loss prevention projects either stall or de-scope? Why with significant industry expenditures in the space do we continue to experience record-breaking instances of data breaches and exfiltration? What are the latest methodologies and technologies security and privacy executives should consider to protect their sensitive data and comply with ever-increasing and pervasive privacy regulations such as GDPR and CCPA.

Join Deborah Kish, former Gartner data security analyst, as she shares insights gleaned from hundreds of sessions with CISO, CIO, CDO, CPO and CCOs to offer an insider’s playbook to implementing an unstructured data security and privacy program. Whether migrating from existing DLP point solutions or wondering where your unstructured data lives today, Deborah will provide a life-cycle perspective as to the best methodologies and how to avoid the pitfalls that have plagued enterprise projects.

Register for this webinar and learn how:

  • A file-centric approach overcomes data leakage shortfalls of traditional approaches and best meets new privacy requirements
  • Aligning data classification with your data protection methods will put your projects on the fast track
  • Automation and integration of discovery, classification, access control and file-based encryption is your best first line defense
Ok, the results are in!
Data breach Data security Privacy

unstructured data securityThanks to all of you who responded to my last blog post regarding unstructured data security and privacy topics you’d like to hear more about. Here’s a sampling:

Why do so many data loss prevention projects either stall or de-scope? Why with significant industry expenditures in the space do we continue to experience record-breaking instances of data breaches and exfiltration? What are the latest methodologies and technologies security and privacy executives should consider implementing to protect their sensitive data and comply with stricter and pervasive privacy regulations such as GDPR and CCPA?

Whew, that’s a lot of ground to cover – but, it confirms the complexities that surround unstructured data challenges and the uncertainties security and risk professionals face as they consider ways to attack the problem.

So, here’s what I am going to try and do over the next 90 days – between this blog, our upcoming webinars and my session (Tuesday the 18th @ 10:45 am, Potomac A, Ballroom level) at Gartner’s Security and Risk Management conference next month (oh, and come visit our booth #563)  – essentially, offer an insider’s playbook to implementing an unstructured data security program while enabling privacy controls.  Whether migrating from existing DLP point solutions or wondering where your unstructured data lives today, my goal is to provide a life-cycle perspective as to the best methodologies and how to avoid the pitfalls that have plagued enterprise projects.  Learn ways to streamline, simplify and fast-track your unstructured data project to protect it and comply with privacy regulations.

Fasten your seat belts and stay tuned!

What’s Next from Deborah’s Desk
Cybersecurity Data security Insider threat Print security Privacy

unstructured dataSo, in my last post, I mentioned a series of webinars and thought this would be a good opportunity to provide a little preview into some of the topics we’re planning on discussing.

Unstructured data, of course!  But what about it?  I’ll be discussing the challenges… kind of a “What I heard from you as a Gartner data security analyst” in a “How to navigate through the maze of methodologies, governance and technologies” sort of way.

Unstructured data is a live and growing thing that often gets overlooked.  Remember the “Wild Wild West” comment from my last post?  So I’m here and excited to help you discover new simpler approaches to gaining visibility and control over the growing unstructured data all organizations are facing.   How to discover, classify and encrypt unstructured data and prepare for and adhere to privacy regulations like GDPR and CCPA.

If you are a CISO, DPO or CDO, or even a business unit lead within your organization, you should join these sessions.  If you struggle with what functions to automate or are trying to get out from under or improve the traditional rules based approach, you should join  Would you rather have your staff spend less time fielding false positives and more time on the things that really matter? Please, join and learn how Fasoo’s extensive product capabilities can help.

Here’s the thing… maybe I didn’t hear EVERYTHING, so I’d like to shout out to the readers… I would love to get your thoughts, suggestions, and field any questions.  I want to hear from you and keep the conversation alive.  In the meantime, stay tuned… I’ll be back.

What’s New at Fasoo?
Cybersecurity Data breach Data security Insider threat Privacy

Data security Deborah Kish expert joins Fasoo

Me! After over 20 years with leading IT consultancy, Gartner, I am excited to announce that I have recently joined data security vendor Fasoo. At Gartner, my focus on enterprise data security and compliance challenges, products and technologies led me to really understand the significance of the “Wild Wild West” nature of unstructured data. On average, I advised 30 CISOs and CIOs and other security professionals every month on the challenges they face with respect to data security and privacy.

At Fasoo, I will lead marketing and product strategies in the unstructured data security and privacy space and will do this through a series of webinars, white papers and blog posts. My mission is to provide end user organizations insights into how Fasoo’s extensive suite of product capabilities can help meet data security and privacy goals because arming your organization with the right tools is an important step toward protecting unstructured data. I will also help guide organizations through the file and people centric approach that will foster stronger unstructured data security and privacy controls.

I’ve often said in my previous role at Gartner, “It has never been a more important time to be a data security analyst” and that translates to my passion to wanting to help organizations get this problem under control. I hope you will join me in the journey. Stay tuned.

By Deborah Kish – EVP Research & Marketing

Don’t Complicate Data Discovery and Classification
Data breach Data security Privacy

Classify sensitive data as confidential and encrypt itData discovery and classification is an important first step to protect your confidential data and comply with privacy regulations.  You need to identify the location of your data and its value to your organization before determining how to protect it.  Done right, this leads to a data-centric security and compliance program that is critical to your corporate brand and competitive advantage.

Unfortunately many discovery and classification projects stall or fail because solutions try to address all data needs, not just security and privacy.  Organizations get caught up in the process and lose focus of the goal, which is to protect and control sensitive information.

Think of a Layered Data Security Framework
Data breach Data security Secure collaboration

Discover, Protect and Monitor access to your sensitive dataThe barrage of data breach news on the front page should come as little surprise to any of us. The more data stored and sent digitally, the more we expose ourselves and more breaches occur.  With all the resources and money spent on preventing a breach, we might think it is reasonable to expect that the number of reported incidents decline. But yet, on the contrary, this is not what we see.

According to the Identity Theft Resource Center (ITRC), just this year to date, there have been 725 reported breaches. The traditional security model to guard the perimeter is not adequate. Today’s challenges require a layered Data Security Framework.  So, what should this framework contain to take the right preventative or restorative actions?

A Data-Centric Security Framework for a Perimeter-less World
Cybersecurity Data breach Data security

Fasoo Data Security FrameworkThe internet, its commercialization and all its technological advances have changed the way of the modern world. Unlimited information is available at the touch of a button; tasks that used to take time and effort are now much simpler.  All this technology created the opportunity for companies to find new and creative ways to grow revenues and data collection has become an essential component of many business operations.

As data is moving and multiplying at a rapid pace across boundaries, platforms and applications, users have the ability to access data in a variety of ways and data very rarely stays within the secure perimeter of an enterprise anymore.

With more and more sensitive data residing outside of the corporate perimeter, locating, securing and controlling this data presents a significant challenge.  The traditional security strategies that businesses have been relying on are no longer the viable option they once were.