FountainBlue's July 14 VIP Roundtable was on the topic of 'Balancing Privacy, Security and Access'. We were fortunate to include a wide range of executives and perspectives for this month's roundtable. Below is a summary of notes from a fascinating discussion.
It is challenging for all IT, Security and management executives to balance the need to protect the privacy of individuals and organizations, while also managing the security of the data, information and IP, and dynamically providing access to the right people at the right time for the right content and right applications. But this overwhelming challenge is a part of managing any organization today - independent of size, industry, or geography.
Below are thoughts on today's evolving IT landscape.
The network will continue to be the 'passthrough' or 'gateway' to access, whether that network is hardwired, embedded, on the cloud, or even provided as-a-service.
Solutions are complex, customized and dynamic, ever-changing based on macro and micro factors such as changing policies, shifting geopolitical challenges, innovation and risk appetites, market evolution, technology adoption and integration opportunities, productivity and profitability concerns, customer and staff requirements, etc.
IT's former guideline of 'hard on the outside, soft on the inside' has evolved in response to internal threats, ranging from malicious code implemented internally to IP theft and even supply chain attacks.
Below are some best practices for balancing privacy, security and access:
Identify and provide weightings for the vectors which would impact your strategy including:
compliance on privacy and security requirements
(internal and external) customers' need for access to data, tools and information and the timeframe needed
geopolitical events which would impact near-term and longer-term policies
short-term and long-term objectives
customer, alliance and partner requirements
Collaborate with stakeholders to develop a comprehensive IT strategy, one which is clear on the Who, What, How, Where, Why questions, one that optimizes performance, connectivity and access, and one that is modular and simple to update when the need arises.
Plan for short-term and long-term needs of the organization and its people.
Create a strategy which balances innovation and risk appetites for the leaders and organization and develop solutions which keep that balance in mind.
Provide data-driven dashboards customized to the needs of individual customers so that they can make informed decisions around their IT, in alignment with the approved strategy.
Implement a strategy which helps ensure that the right parties have direct and efficient access to the critical elements which keep the network securely running, providing dynamically-generated, permission-based access only to the approved parties.
Dynamically update policies and strategies based on a rapidly changing landscape. For example, ratification of privacy and security laws is on the upswing locally, nationally and internationally, so keep informed and update strategies based on updated policies.
Design modular hardware and software solutions which are informed by the overarching IT strategy.
Strategically automate report-creation so that you can focus on the larger challenges.
When reviewing network access data, look for patterns which deviate significantly from past occurrences, as this might signal suspicious behavior which may compromise the integrity of the data and the network.
There might be more of an emphasis on individual levels of control to create customized access to networks, based on individual preferences. It's up to companies to provide that option and ensure that individuals are protected regardless of the preferences they set.
The bottom line is that businesses and relationships are based on trust, and respecting the privacy and security of information and providing efficient, permission-based access to informed reports and data will help organizations and leaders earn and retain that trust.