Five steps security managers need to take to stay safe

Impact assessments for data security should follow five simple steps. Here is what to do.

Dec 9, 2021

When it comes to data security, strategic planning is necessary. Security managers and leaders should understand the situation and the threats, and then arrive at the best solution for each problem and context. Nevertheless, impact assessments should always include Privacy Enhancing Techniques (PET), which are a necessary trend for the coming year. These techniques embody basic data protection principles. Research shows that by 2025, 60% of large organisations will adopt them for processing data in unstructured environments and in (multi-party) data analytics use cases.

A Gartner report also showed that 40% of Safety Risk Management indicate that PET is their top investment priority. But how can managers expand their impact assessments to include these techniques in their considerations?

Five simple steps should be taken.

1. Identify

It is crucial to understand exactly which problems you are trying to solve. This might sound basic, but many specialists still skip a proper analysis of the issues at hand, creating further problems. Senior IT management needs a more holistic understanding of, and approach to, cybersecurity in order to identify problems and assess threats. This includes identifying which risks to avoid, accept or mitigate, as well as a specific plan for each case.

2. Investigate

After acquiring a better knowledge of the problems at hand, it is time to investigate. For example, are PETs such as homomorphic encryption a possible solution to your privacy concerns regarding data sharing, analysis and processing? Not every technique is suited to broad use. Fully Homomorphic Encryption (FHE), for example, still needs more developed schemes before it can be used in commercial products, so it might not be the best option for your company. If you identified a data security issue that could be solved through encryption, then an approach such as Searchable Symmetric Encryption, which allows an encrypted document collection (structured or unstructured) to be searched and the matching results retrieved, could be more efficient. This analysis is your second step in data security.
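To make the Searchable Symmetric Encryption idea concrete, here is an added example (not from the article or any vendor product) of a minimal keyword index: the client sends keyed HMAC tokens and encrypted documents, and the server matches tokens without seeing keywords or plaintext. The class and function names are hypothetical, the keystream cipher is a stand-in for a real AEAD such as AES-GCM, and the documents are constructed samples.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream, no integrity); use an AEAD in practice.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, nonce + off.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Server:  # untrusted store: holds ciphertext and keyed tokens, never keys
    def __init__(self) -> None:
        self.blobs: dict[str, bytes] = {}     # doc_id -> nonce || ciphertext
        self.index: dict[str, set[str]] = {}  # token -> doc_ids

    def store(self, doc_id: str, blob: bytes, tokens: set[str]) -> None:
        self.blobs[doc_id] = blob
        for t in tokens:
            self.index.setdefault(t, set()).add(doc_id)

    def lookup(self, token: str) -> dict[str, bytes]:
        return {d: self.blobs[d] for d in self.index.get(token, set())}

class Client:
    def __init__(self) -> None:
        self.k_index, self.k_docs = secrets.token_bytes(32), secrets.token_bytes(32)

    def token(self, keyword: str) -> str:
        return prf(self.k_index, keyword.lower().encode()).hex()

    def upload(self, server: Server, doc_id: str, text: str) -> None:
        nonce = secrets.token_bytes(16)
        blob = nonce + stream_xor(self.k_docs, nonce, text.encode())
        tokens = {self.token(w) for w in text.split()}  # naive whitespace tokenising
        server.store(doc_id, blob, tokens)

    def search(self, server: Server, keyword: str) -> dict[str, str]:
        hits = server.lookup(self.token(keyword))
        return {d: stream_xor(self.k_docs, b[:16], b[16:]).decode() for d, b in hits.items()}

def demo() -> dict[str, str]:
    client, server = Client(), Server()
    client.upload(server, "d1", "Q3 payroll export")  # constructed sample documents
    client.upload(server, "d2", "Q3 marketing plan")
    return client.search(server, "payroll")
```

Because the tokens are deterministic, the server still learns which searches repeat and how many documents each token matches; that leakage is one of the things to weigh when investigating a scheme of this kind.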

3. Experiment

Before racing to possible solutions and techniques, it's important to experiment. The best practice is to set up a working group to test the candidate PETs and see, in real-life situations, whether or not they help with privacy protection.

4. Operationalise

Now it's time to turn the tests into reality and set up a privacy protection operation to fix the identified and investigated issues. Managers can then apply the proper techniques to deal with their concerns, either by purchasing or building solutions, or possibly by monitoring and maintaining what they already have.

5. Evaluate

Finally, the last step is to see if the protection is adequate. Test it, check it over time, retest it. This is an ever-evolving field, and one solution might be appropriate for a very long time, but not forever. This is why many companies could benefit from incorporating a 'cybersecurity by design' framework, which provides them with a holistic set of pragmatic guidelines that enables the organisation to consider more completely the full remit of protection and processes that should be in place to cope with the avalanche of cyber threats.

With this set of steps, cybersecurity managers can better protect data in use and in storage within their companies. This is especially crucial as cybersecurity threats keep rising worldwide, and for many organisations the best response will be to delegate these steps to specialists, adopting a cybersecurity-as-a-service approach offered by third parties.
