Last week, I had the privilege of representing AvePoint at the Privacy Academy, hosted annually by the International Association of Privacy Professionals (IAPP). The conference was held for the first time in conjunction with the Cloud Security Alliance, which brought together a very interesting cross section of attendees focused on not only privacy and regulatory compliance, but also on security. This represents a trend that I have been noting for some time: the intersections between privacy with security, IT and the business, as well as policy and practice. While many of these disciplines have traditionally worked in silos, with practitioners, attorneys, and specialists focusing on their different disciplines, it is becoming increasingly difficult to maintain these boundaries in today’s modern workplace.
Privacy concerns were at the top of the minds of regulators, companies, government agencies, and individuals attending the event. Attendees included privacy practitioners and security specialists from around the world, who converged on the Academy to learn about trends and to share best practices across industries including cloud computing, big data, the “Internet of things”, financial services, global and legal developments, governance and accountability, healthcare, information security, marketing, mobile and location-based services, online privacy, and so much more.
One of the core themes of the conference was the ongoing delicate balance between privacy, the Internet of Things – meaning the interconnection of devices within the existing Internet infrastructure – and open collaboration in an increasingly interconnected world. Technology and digital communications allow companies, government agencies, and individuals unprecedented access to large volumes of data and information. Enterprise organizations are now faced with more compliance requirements, limited resources, increased risk exposure, and competing (and often conflicting) organizational interests. This business reality brings a formidable set of challenges for compliance officers.
Over the past year, we have seen an influx of compliance and data security related stories flood news outlets, including recent data breaches at Experian and Home Depot. Companies around the globe are facing a heightened demand for data privacy and compliance regulation. Many of these companies have invested in Data Loss Prevention (DLP) and Governance, Risk and Compliance (GRC) programs to help them identity data that may put them at risk.
There is often data that exists across enterprise systems such as file shares, SharePoint, social systems, and other enterprise collaboration networks referred to as “dark data” – or data that is not properly understood. Understanding what and where this data is and properly classifying it allows organizations to set the appropriate levels of protection in place, as opposed to applying security protocols in broad terms and using the same security procedures for everything. When it comes to compliance and security, many organizations are now realizing that all data is not created equal.
Now, however, in the age of Big Data, companies are thinking about their data – in particular this dark data and, more specifically, information about their customers – as an unrealized asset. However, much of that data may be lost in file shares or data silos, undiscoverable and unprotected. So what can be seen as a risk may also be viewed as an asset when accessed and protected appropriately. When investing in compliance technologies, companies can turn what was previously considered to be a cost to the business (security, privacy, and DLP technologies) into a corporate asset. Companies can repurpose their compliance programs that have traditionally been viewed as a cost center for the business to help them turn this previously untapped information into a business asset. This not only creates a quantifiable return on investment for data security and privacy programs, but also helps the company increase productivity and stay out of regulatory hot water.
To learn more about how AvePoint helps create a culture of transparency, action, and trust for your enterprise, please visit our AvePoint Compliance Solutions page.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities.
Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en
Twitter: http://www.twitter.com/danalouise
