Connect with us

Expert Speak

The Power of Public-Private Partnerships

Published

on

Written by Jim Richberg, Head of Cyber Policy and Global Field CISO, Fortinet

Cybersecurity is a Team Sport. Today’s technology environment is vastly different from when I retired from federal service. We have seen accelerated movement to the cloud and a shift from largely wired networks to software-defined networks. We’ve also witnessed a proliferation of Internet-of-Things (IoT) devices and dramatic growth in the breadth and power of AI-enabled services.

Layer onto these technological changes the COVID-fueled imperative to enable remote work and off-site connectivity, and the result is that IT and communications are now laser-focused on enabling the connection of users, devices, data, and computing power regardless of where these are located and how they are provided.

Meeting these demands securely is more than any single user, company, or government agency can realistically expect to do alone. At its core, cybersecurity is a team sport. Any good coach tells their team to “talk to each other out there on the field.” Cybersecurity is no different. Cybercriminals talk to each other, actively partnering to bring their specific skills to a criminal enterprise. To keep up, industry and governments must work together to share cyberthreat intelligence and have interoperable cybersecurity tools and sensors. This partnership needs to be multidimensional and multidirectional with collaboration and a two-way flow of information between the public and private sectors and within each sector.

Transparency and Trust
With so much of our lives dependent on or enabled by technology, it is important to be able to trust networks and have confidence in the security of the data flowing across them. Creating a culture of trust and greater transparency is crucial for organizations to make complex cybersecurity decisions and help users make more informed purchases. Consumers need better visibility into key criteria of the technology they use, including where it was developed or manufactured, the manufacturer, and the security posture of the technology.

This focus on trust was evident at the macro communications network level with the ban on certain companies that were deemed a national security threat. As digital technology becomes more ubiquitous, we should be asking the same questions about other aspects of our broader communications networks. Is the router in my home secure? Is my television listening to my family dinner conversations? Consumers need to be able to trust the technology they are using to increase the resiliency of our nation’s cyber posture. Increased transparency will help fuel this trust.

Transparency and trust can be addressed through market forces. For example, although the number of IoT devices in use is growing dramatically, many of these devices lack even rudimentary security capabilities. It can be difficult for even sophisticated consumers to determine which devices have adequate security.

The Human Element
Partnerships should extend to supporting consumers as well. It is not realistic to expect consumers to successfully “go it alone” in understanding cybersecurity. The person using their home computer, the small business owner buying a Wi-Fi access point, and the school administrator purchasing equipment for students all need support.

Addressing the human element is part of our cybersecurity mission. We are working to help build the cyber workforce of the future and ensure that all members of society have cyber awareness and fundamental competence in cybersecurity. We have dramatically expanded our award-winning free training on cyber threats and good cybersecurity practices because educating users at every level is critical to our collective security.

To succeed, efforts with users must begin at a young age and involve partnerships across government, industry, and academia. Fortinet has made significant commitments to this cause through the Fortinet Training Institute. For example, we have committed to training over 1 million new users by 2026 to help close the sizeable cyber skills gap; and we are on track, having achieved over 43% of this goal by the end of 2023.

Expert Speak

Hidden Champions: Behind These Popular Applications Are Hard Drives

Published

on

Written by Rainer W. Kaese, Senior Manager of Business Development Storage Products at Toshiba Electronics Europe
(more…)

Continue Reading

Expert Speak

How to Secure MSP Success Brick by Brick

Published

on

Written by Roman Cuprik, content writer at ESET (more…)

Continue Reading

Cyber Security

Is Consent the Gateway to Ethical Data Usage Practices?

Published

on

Every tech company under the sun is grappling with data privacy and protection policies and laws. However, consent is crucial when it comes to data collection and processing. Having the user’s consent to use their data is imperative. While securing the data after collection is also important, using customer data without their consent causes more serious issues. Without obtaining consent from the user, any data that you use for your business falls under the unlawful use of data regulations.

Users of the well-known platform Glassdoor, which allows individuals to anonymously review their employers, allege that the site collected and linked their names to their profiles without their permission. Glassdoor users have expressed alarm, and the issue has been widely featured on social media and news-sharing sites. They fear that their anonymity could be compromised if data about them is collected and added to their profiles.

The issue here boils down to a single word: consent.

The gray area of obtaining consent
Organizations can knowingly or unknowingly exploit users’ personal data without proper knowledge of data privacy. It is not enough just to get consent from users; explicit consent is required. This includes ensuring the user selects checkboxes during the signup process, enters their email address, authorizes receiving marketing emails and newsletters, and grants the app permission to track user data in specific situations.

But when it comes to verbal consent, there is ambiguity. The GDPR accepts verbal consent but requires written or recorded proof of the consent given. The GDPR states that, “when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.” Therefore, it is better to record or have written proof of verbal consent; one must not assume or misunderstand that verbal consent only includes oral consent.

Often, there is less visibility of data usage for customers. More often than not, customers do not know what they are giving consent for or how their data will be used. Let’s take the case of location data sharing.

Location data can show if someone visited an abortion clinic or a cancer treatment center. People usually want to keep this type of information private and not share it with companies or third parties. When consent is given without knowing what it is for, the act of giving or obtaining consent becomes meaningless.

Why consent is important in ethical data practices
Although you are legally required to obtain the user’s consent to process their data, there is also such a thing as the ethical use of data. When you take measures to protect your customers’ data beyond what the law requires, it promotes trust among your customers.

People value privacy and appreciate brands that prioritize data privacy. Let’s say a consumer is given the option to choose between two brands: one with no privacy features and another that advocates for privacy with built-in privacy features. Which do you think the customer will choose? Obviously, the latter.

Understanding a company’s data privacy policy is crucial to 85% of consumers—even before they make a purchase, a global study determined. Equally as important, 40% of individuals have changed brands after discovering that a company failed to protect customer data adequately, according to the McKinsey Global Survey on Digital Trust.

This is why tech companies go out of their way to demonstrate the privacy features they offer and how user consent is prioritized in these features.

In a way, customers prioritizing consent compels companies to integrate ethical data privacy policies into their systems. But it’s time companies realize that consent is the backbone of data privacy regulations and take customer consent seriously, not just to avoid hefty fines, but to also value the customer’s choice and their right to privacy.

A final word
Organizations worldwide are facing issues with data privacy. What is important when trying to protect your customers’ data is to realize the role customer consent plays. This helps organizations develop features and draft policies with the customer’s consent in mind and to effectively communicate to the customers why they are seeking consent. Without this step, data privacy becomes compromised. So, both organizations and customers need to grasp why consent matters and advocate for the ethical processing of data.

ManageEngine is a division of Zoho Corporation that provides comprehensive on-premises and cloud-native IT and security operations management solutions for global organizations and managed service providers. ManageEngine strongly believes in privacy by design and continuously advocates for user privacy. Established and emerging enterprises—including nine of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure the optimal performance of their IT infrastructure. Learn more about ManageEngine’s comprehensive suite of IT management solutions here.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.