Blog

Tag: security framework

EU-US Privacy Shield and the Future of Data ProtectionThe European Commission adopted the EU-US Privacy Shield on July 12, 2016 as a replacement for the Safe Harbor rules that were overturned by the European Court of Justice in October 2015.  This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.

The new EU-US Privacy Shield is an example of stronger privacy and security frameworks that affect US and European businesses as they collect, manage and share personal data.  Ensuring the security of personal information, no matter its location, is no longer a technology issue.  This is a business and trade issue.  If I am a US company and want to do business online or in person with businesses and citizens of the EU, I must guarantee that sensitive personal data is always under my control and that only authorized people can access it.

It’s important to protect and control all traces of this information whether it’s inside or outside your organization.  This includes being on mobile devices or in the cloud.  The best way to achieve this is by protecting the information with strong encryption and applying persistent security policies that travel with the data.  This ensures that only authorized people can access the information and use it.

One additional wrinkle in this situation is the recent Brexit vote in the UK.  If the UK moves forward with untangling itself from the EU, how will this new framework affect companies in London and the rest of England?  Will the UK abide by these rules?  Will the US, UK and EU need another framework to address privacy and security issues?

Some UK citizens and businesses are already talking about moving to other countries as a result of the Brexit vote.  This could exacerbate the movement of sensitive data as employees leaves organizations and go to competitors or businesses move their own stores of sensitive data.  In both cases there is the possibility of data breaches and legal problems.

In the recent Ponemon study “Risky Business: How Company Insiders Put High Value Information at Risk” 56 percent of respondents say they do not educate their employees on the protection of files containing confidential information and 72 percent are not confident they can manage and control employee access to confidential files.  How will businesses protect sensitive personal data that moves between countries and businesses, if they can’t even control employee access?

If organizations train employees on how to handle sensitive data and implement persistent file-based encryption techniques to protect this data, they can ensure that hackers and malicious insiders will not be able to bypass traditional security measures and access confidential information  I assume that when I share personal or sensitive information with a company, they will protect it so that only authorized people can access it.  If a company can guarantee that my information is safe, I will do business with them.  If not, I will go elsewhere.  This is the new business reality today.

TJ Kwon, Fasoo CTO, speaks to KOCSEA Technical Symposium on data securityTJ Kwon, Vice President and CTO of Fasoo, Inc., participated in a Cyber Security session at the 16th KOCSEA Technical Symposium at Harvey Mudd College in Claremont, CA on December 10, 2015.  TJ’s presentation was entitled “Fasoo, Security Framework for enterprise document security” where he discussed using the framework as the best way to protect and control sensitive documents from getting into the hands of hackers and other unauthorized users.

Fasoo was a sponsor of the event that brings together academic and industry computer scientists and engineers to discuss numerous technical topics that affect education, industry and government organizations.  The symposium also provided a venue that spurs collaborative research among industry and academic graduate researchers.

The Korean Computer Scientists and Engineers Association in America (KOCSEA) is a non-profit organization of Korean and Korean-American computer scientists and engineers in North America that promotes communication, information exchange and cooperation among its members and to provide opportunities for them to make contributions to computer-related fields in Korea and U.S.

Among the participants was a consulate general and a program director of the National Science Foundation (NSF), who focused on cyber security.  The event helped academics and industry colleagues understand the state of technology and some of the current and proposed research in cyber security and numerous technical fields.

 

Categories
Book a meeting