An organisation in today’s cloud-based world has unstructured and structured content which can include IP, customer data, current and former employee data, strategic plans and roadmaps, financial material, payroll data and even new product plans. Not only is this the most valuable material but it can also be the most difficult to protect. It also accounts for the vast majority of corporate data used and shared by employees, third-party suppliers and customers.
Therefore, you should have the ability to discover, classify, protect, and monitor your personal and sensitive data, and you should be aware of four words: Data Security Posture Management (DSPM), which should not be confused with the wide and varied range of other security terms. DSPM focuses on the data and your handling practices, and although it is not specific to personal data, we certainly recommend you apply this lens.
So, what is it then?
Data Security Posture Management is largely self-explanatory: it focuses on your data handling practices, for the most part through these four factors:
- Data Discovery – This is an essential function that scans an organisation’s infrastructure to identify data sources with the intent to return a map with a detailed data source view.
- Classification – Not every piece of data is subject to the same level of scrutiny and regulatory policies. You need to identify and classify the sensitive and personal data that is relevant to your company, including duplicates and old data, and most importantly classify it against the legislation that applies to your operations. If you can’t classify and streamline your data, you can’t protect it, because you can’t protect what you don’t know. This is a rather important component to understand.
- Protect – Guard your personal and sensitive data by applying various policies and controls to prevent unauthorised access (both internal and external), misuse and theft.
- Monitor – Once you have all the prerequisites in place and have created a baseline, you need to monitor your personal and sensitive information carefully by tracking and auditing its movement and usage.
DSPM, handled properly, can help your compliance program by enabling the discovery and classification of all of your various data sources in direct relation to the regulations and jurisdictions that might apply to your business.
Why now?
As highlighted in a prior article titled ‘The Future of Privacy in Australia’, the trajectory of privacy in this country, much like in other global regions, is likely to be shaped by rapid advancements in technology, changing social norms, and evolving legal frameworks. We are seeing a much greater focus on personal data protection, with the introduction of potentially stricter laws and regulations later this year which, amongst many things, means more control for individuals and consumers and greater scrutiny of an organisation’s data handling practices.
It is now, more than ever, crucial that you not only stay ahead of community expectations and regulators but also take decisive action to protect yourself and your personal data from breaches and violations.