Everyone wants data security

With a data-centric approach to security, companies can not only effectively protect their intellectual property in distributed IT environments, but also meet many compliance requirements. This is because numerous laws, regulations and standards now also require data security. Forcepoint shows what these are.

Forcepoint shows how a data-centric approach to security helps companies meet compliance requirements and data protection laws. (Image: www.depositphotos.com)

Data security is becoming increasingly relevant for companies and authorities. Instead of focusing on protecting the network and the perimeter, they must first and foremost protect the data itself. To do this, they should assign the data a confidentiality level and derive from it what may and may not be done with the data, so as not to expose it to increased risk. This enables them to protect data regardless of where it is stored and thus ensure the security of their intellectual property in distributed IT environments.

But that's not all. A data-centric IT security approach also helps companies and authorities to meet numerous compliance requirements, as many laws, regulations and standards now demand precautions for data security. IT security specialist Forcepoint shows what these are.

1. Data protection laws

The GDPR requires companies to take appropriate measures to protect personal data from loss, theft or unauthorized access. They must also ensure that customers can exercise their data protection rights: companies must be able to tell customers what data they store about them and delete data on request. However, companies that operate internationally not only have to deal with the GDPR, but also with other data protection laws, as the majority of countries around the world have now introduced laws to protect personal data.

2. IT security laws

The European Union's NIS2 Directive aims to improve cyber security in the EU and imposes strict requirements on companies that are classified as critical and important entities. These requirements include real-time monitoring of sensitive data and restricted access to such information. The directive is soon to be transposed into national law in Germany and integrated into the existing IT Security Act. This law will therefore affect significantly more companies than before.

3. Industry standards

In addition to general laws, many companies are confronted with industry-specific regulations and standards. The recently enacted EU regulation DORA, for example, is intended to strengthen the digital resilience of the financial sector and requires financial companies to protect the availability, confidentiality and integrity of their data. The industry standard TISAX regulates information security in the automotive industry and ensures in particular that uniform security standards are adhered to when exchanging sensitive data and prototypes. Many automotive manufacturers now require their suppliers and service providers to be TISAX-certified.

4. Standards

The ISO 27001 standard for information security management systems also focuses on the security and protection of data. The new version of the standard from 2022 is accordingly entitled "Information Security, Cybersecurity and Privacy Protection". Companies seeking certification for the first time or seeking recertification must implement new security measures. These include the classification of information, information security when using cloud services, the deletion of information and the prevention of data leaks.

"Modern data security solutions can significantly help companies and authorities to meet the numerous compliance requirements for their data security," explains Frank Limberger, Data & Insider Threat Security Specialist at Forcepoint in Munich. "Good solutions reliably detect data across all storage locations and classify it largely automatically with the help of artificial intelligence. This enables organizations to know what sensitive data they have and where it is located. In the form of guidelines, they can then set specifications for the permissible handling of data and monitor compliance in order to detect and prevent data breaches."

Source: www.forcepoint.com/de
