How strong, flexible data protection controls can help maintain regulatory compliance

An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.

1 2 Page 2
Page 2 of 2

These discussions are an indication that the cultural shift is taking place. "I'm very heartened when people ask me those questions," says Chernyshov. The need for collaboration goes beyond corporate walls. "It's also important, in a position like mine, to belong to not only groups in our own organization but to be looking at external resources."

That includes being part of organizations like AIIM International, the Association for Intelligent Information Management, where she is a board member. It also includes continuing education. Last year, Chernyshov completed her master's in legal studies in the field of cybersecurity and data privacy from Albany Law School. "You need to be constantly educating yourself about these issues, whether through professional certifications or continuing education in some other way," she says.

Security is everyone's concern

Security needs to take the lead in setting up necessary controls to meet new regulatory standards, says Capgemini’s Williams. Security needs to champion the idea that cybersecurity is never done and can't be ignored, and to evolve security frameworks to protect data as it moves beyond corporate perimeters—to the cloud, and to home offices. The security frameworks must be more data centric than they have been in the past, Williams says, "and more identity centric than they have been in the past."

Williams agrees that security leaders need to be enablers and facilitators to protect the business, but a bigger challenge is to drive a cultural change in the enterprise. "Performing business securely is a responsibility of business leaders, not security leaders," he says.

Copyright © 2021 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Microsoft's very bad year for security: A timeline