Concerned about data protection? How can IT procurement ensure data security and reduce cyber risk for your organisation?
Day Two of ProcureCon IT is well underway and we’ve been privy to another morning of thought provoking discussion.
Procurious founder Tania Seary picked the brains of Kaushik Yathindra, Manager, Procurement Analytics, HSBC and Florian Schroeder, Head of IS Commodity & Contract Management, Bombardier Transportation to learn more about how to implement data security, the end of Safe Harbour, and the effects of Internet of Things (IoT).
Where to Start?
Why is data security so important? As Florian Schroeder pointed out, you wouldn’t leave your most valuable possessions at the front door, you’d hide them away somewhere secretive. We should consider our data in the same way and not leave it exposed to hackers.
Data security is one of the fastest growing areas of IT spend. An estimated $1 trillion is going to be spent globally between 2017 and 2021. But how do you make sure your money is well spent, and your information secure?
Whilst data protection is a huge concern for organisations, it can be difficult to know where to start, particularly given the multiple types of data security on offer. Here are a few points to consider:
- To ensure the security of both yours and your suppliers’ data, it’s first important to understand the roles of everyone concerned. How will your procurement, legal, compliance and IT teams collaborate to ensure that contracts fulfil the level of service required in your organisation?
- Consider data security in all of your organisation’s decision making whether it be Sales, Accounting or IT.
- Take what you need and nothing more. There’s no point in collecting useless or excess information. The more you have, the more that can get stolen. Likewise, only store information as long as your organisation has a need for it. And when you do dispose of it, do it securely!
- Ensure your service providers have adequate security measures in place. And don’t just take their word for it – get it in writing!
- Use complex passwords. Make sure they’re stored securely, and keep the most sensitive information secure throughout its lifecycle by encrypting data when it is transferred.
As both panelists reminded us, you can never ensure 100 per cent security while there are hackers looking for it!
The End of Safe Harbour
Changing privacy regulations can make choosing where to store your data a complex process, particularly for global organisations.
In the EU, for example, privacy laws forbid any citizen’s data to be moved outside of the EU unless transferred somewhere with adequate privacy protections.
Safe Harbour was an agreement between the EU and the US in which the US government promised to protect the information of EU citizens if transferred to the US by American businesses.
This has been an extremely convenient agreement for companies such as Facebook. These companies were, up until now, able to store all of their EU data in US centres.
Last month, however, the European court of justice ruled the agreement invalid. This will mean a lot of paperwork and red tape for US businesses trying to move information out of the EU.
Perhaps the future is in establishing EU-based centres to handle data for EU citizens? Google, Facebook and Apple are already leading the way on this.
And it’s not just the end of Safe Harbour that will shake up Data Protection policies. The General Data Protection Regulation (GDPR) framework was formally adopted by European parliament in April this year to be implemented by May 2018.
If the UK has completed Brexit negotiations by this stage, they will face pressure to adhere to the GDPR framework in order to continue trade within the single market.
Digitisation and the Rise of the Internet of Things
Kaushik explained how banks are moving towards complete digitisation in order to accommodate the next generation of customer who expect to be able to do everything online. Whilst this is great in terms of customer convenience, it presents additional data security challenges.
The worldwide Internet of Things market is predicted to grow to $1.7 trillion by 2020. More than half of major new business processes and systems will incorporate some IoT elements. It won’t be long until every aspect of our daily lives is connected. We’ll have smart bridges, smart cars, smart houses, smart vending machines…we could go on!
Of course, with great tech developments comes greater data protection challenges. The Internet of things adds a significant threat layer in which physical devices can now be hacked, have their information stolen, and even be remotely controlled.
There are a number of ways that organisations can manage data security relating to the Internet of Things. These include:
- Encrypting sensitive data as close to where it’s generated as possible, rendering it useless to attackers in the event of a breach.
- Only sharing information on a need-to-know basis.
- Applying end-to-end encryption to ensure that sensitive information captured by IoT devices is protected throughout its lifecycle.
- Procurement teams can help move the market towards a world where security becomes a part of IoT products.
In the words of Gandalf, when it comes to protecting data, keep it secret keep it safe.