Balancing Privacy, Security and Access

by

FountainBlue’s August 12 VIP Roundtable was on the topic of ‘Balancing Privacy, Security and Access’, with opening remarks by Samsung. Please join me in thanking our executives in attendance for their remarks and input.

Our executives in attendance represented a wide range of roles, backgrounds and industries, but they share many common perspectives around balancing privacy, security and access.

  • Balancing privacy, security and access will continue to be of primary importance. 
  • No longer will companies be able to rely on single individuals or teams to proactively manage privacy, security and access. 
  • It will take a concerted and collaborative effort, driven by senior leaders, and implemented across the organization.

Balancing privacy, security and access is not easy. 

  • Managing to ensure compliance is complicated as the data volume is huge and growing, individual users are untrained, uninformed or even unethical, and the ways data is used and the number of users continues to grow.
  • Cultural and international standards vary greatly, and many companies have employees and customers all over the world.
  • It’s hard for executives to manage the data when each data set might have different associated experts, and multiple data sets are integrated into individual applications and programs.
  • The stakes are high and are continuing to grow, so bad actors are more motivated to access sensitive data.
  • Consumers and end users are becoming more adamant about their rights around privacy, while also insisting on efficiently accessing the information they need.  

Below is a compilation of thoughts and best practices.

Be Strategic

  • Be fully aware of the type, flow, storage and distribution of data and proactively manage that data to ensure the right people have the right access at the right time for the right reason.
  • Build a partnership between the legal, technical, executive, and product/engineering teams so you can plan-fully manage product development and support.
  • Create standards and agreements so collaborations can be made to proactively manage secure access to targeted information, while respecting privacy needs.
  • Consider the needs of the team and organization over the rights of individuals, while also respecting the rights of individuals.
  • Manage to the weakest link – perhaps the human who does not set up proper passwords for access to the corporate network.

Leverage Technology

  • Leverage technologies and tools so that you can easily identify data or users or systems who may be at risk.
  • Create dashboards for your network so you can proactively manage potential data breaches.
  • Factor in different types of data (transient, persistent, meta, etc.,) as you manage, collect, store and distribute that data. 

Manage the Give and Take

  • Focus on business outcomes while respecting technical requirements. 
  • Minimize exposure and risk, especially when mission-critical applications are at stake.

Empower and Enable Your People

  • Support product and engineering teams, who are constantly challenged to create and update code to meet the shifting security, privacy and access requirements.

The bottom line is that we can all collaborate to build a Zero Trust network – where only the right Users, have the right Access, to the right Data, for the right Reason, all the time, every time. 


%d bloggers like this: