What enterprises need to know as they design big data environments.

For IT executives responsible for modernizing big data infrastructure and embracing cloud storage, the weekly rhythm of security breach news has become a recurring nightmare. For example, earlier this year the genealogy website MyHeritage acknowledged that a security breach had led to the leak of email addresses and hashed passwords of more than 92 million users. Now that the European Union's General Data Protection Regulation (GDPR) is in effect, enterprises can face fines of as much as 4 percent of their annual sales if they violate the data security regulations. The task of modernizing big data storage and deploying new cloud-based solutions has never seemed more daunting -- or more perilous.
We lock up your data by complying with:
• U.S. Commerce Department's National Institute of Standards and Technology (NIST) cybersecurity frameworks
• European Union's General Data Protection Regulation (GDPR)
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• GLBA, HIPAA, SOX, and various state laws and regulations
Now that we've begun the new year, it may be the best time to revisit Internet of Things (IoT) legislation (even though the relevant bills have been on the Hill since the summer). A recently introduced bill addresses perceived vulnerabilities in the security of IoT devices sold to the federal government, and medical devices that connect to the Internet. IoT device manufacturers would also have responsibilities to ensure security over the life of the devices. The counter-argument to this legislation, however, is that disclosure and certification requirements could create additional liability for device manufacturers. The IoT Cybersecurity Improvement Act of 2017 was intended to leverage government procurement strength to manage the security of IoT devices purchased by the federal government.
Almost 60% of the adult population in the U.S. found out recently that their personal data--names, social security numbers, birth dates, addresses, driver's license numbers--could be in the hands of criminals. The disclosure of the data breach came from Equifax, a company name they probably did not recognize. The 145.5 million people impacted certainly never entrusted their personal details to its care. A new European Union regulation--the General Data Protection Regulation (GDPR)--will go into effect in seven months, strengthening and unifying data protection for individuals and giving them control over their personal data. As it also regulates the export of personal data outside the EU, it affects all businesses operating in the EU, including non-European ones.
New York state isn't happy that banks and insurers are falling prey to hackers with alarming frequency, and it's determined to do something about it. Governor Cuomo has unveiled proposed regulations that would set online security standards for those industries. All companies covered by the rules would have to establish online security programs and policies. They'd have to limit access to sensitive data (say, social security numbers) to only those people who need to know, and require multiple steps when checking user identities. The rules would require constant monitoring, too.