'Most Innovative Startup 2020' by RSA - Watch the video

Learn More

Recently Rehan Jalil (CEO of Securiti) appeared on Metis podcast to discuss the state of data privacy and security.. In this podcast, Rehan shared his experience on how organizations tackle opportunities and risks due to data. A short excerpt from the podcast:

Challenges companies face due to data explosion

While data provides a huge opportunity for organizations to serve their customers in a more meaningful way, it requires organizations to implement and enforce data security and privacy practices to safeguard their customer, employee, vendor or partner information. There are five major challenges for organizations:

  1. Know where the sensitive data is present in on-premises & multicloud
  2. Discover if the data protected from external attacks
  3. Identify how the data is used and who has access to it
  4. Provide consumers rights to their data in a timely manner
  5. Assess third-party risk and security posture

Challenges in discovering sensitive data

In an organization certain data can be classified as “sensitive data”. In order to protect this sensitive data, organizations need to know where the data is held in their systems.

There are 3 major obstacles to discover data:

  1. The Diversity of the Systems
  2. The Massive Scale of Data
  3. The Attack Surface

Most common ways threat actors can breach data

Once the data has been identified, it needs to be protected. This includes both internal and external threats.

Most data breaches are caused due to unauthorized access. To reduce the risk of breaches,  organizations need to ensure that only employees who are authorized to access certain data actually do. In addition, monitoring data activities provides visibility into exfiltration attempts. Studies show that CISOs are more concerned about internal threats than external threats. Internal threats can easily bypass any security controls that may be set in place by the organization to prevent external and unauthorized users from accessing internal data and applications. Organizations that protect data from external threats only, can potentially increase the risk of insider attacks. Organizations need to secure data from an internal user’s perspective and the following framework can be used as a starting point:

  1. Data should be on a need to know basis and should have the right privileges
  2. Organizations should have automated access controls
  3. Access should be persona specific

Individuals’ legal rights to their data

Modern privacy regulations give consumers a right to their data. These rights are called Data Subject Rights (DSR) and include the right to access, delete, rectify, object processing, revoke consent and so on. DSRs are a requirement in most privacy regulations. To comply, organizations can use a data-driven & automated approach to DSR management

For more details, listen to this podcast: [https://www.metisstrategy.com/interview/rehan-jalil/]

Share this

Our Videos

cookie_video View More
01:49

Cookie Consent Management

Automate and manage the entire consent life cycle with efficiency for various cookie compliance regulations around the world.

Learn More
View More
3:00

Sensitive Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More
data mapping video thumbnail View More
3:00

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: Securiti

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More
CCPA View More
07:10

CCPA Compliance

CCPA protects consumers from mismanagement of their personal data and gives the consumer control over what data is collected, processed, shared or sold.

Learn More