It is clear that the pace of digital disruption shows no sign of slowing down, and organisations will not allow security functions to stop them from adopting new digital business models in a timely manner. One of our previous blogs on ‘Business Resilience’ addressed this topic and the need for security professionals to embed security into the fabric of their digital transformation projects rather than bolting it on afterwards. This becomes increasingly important as the regulatory landscape continues to put pressure on businesses to implement robust data security controls, especially with the European General Data Protection Regulation (GDPR) looming.
However, rather than just focusing on imposing new fines, the GDPR seeks to transform the underlying culture of enterprise security by requiring controls to be built in from the outset. It requires organisations to adopt a ‘Privacy by Design’ (PbD) approach to projects, which promotes privacy and data protection compliance from the start. This requirement was written into the new data protection regulation in recognition that security controls are often added as remedies rather than being built in.
Of the seven principles of ‘Privacy by Design’, the two that will perhaps have the most impact on best-practice security and GDPR compliance are ‘privacy embedded into design’ and ‘end-to-end security’. Both of these principles reinforce the need for strong security controls in the early stages of any project and throughout its lifecycle. But how can organisations ensure these are carried out in line with strategic objectives, embraced by all functions and backed by the business?
GDPR will not be the last piece of legislation or security project that organisations have to face; therefore, treating ‘Privacy by Design’ as one aspect of a holistic Enterprise Security Architecture (ESA) creates an opportunity to embed wider security controls and projects into the design stage of IT projects, as well as every other stage of their lifecycle.
Whether adopting ‘Privacy by Design’ principles, partnering with a strategic security partner or implementing a new security governance framework, integrating these initiatives into a wider Enterprise Security Architecture will become ever more important in enabling ‘Security by Design’, and will allow businesses to differentiate themselves from the competition as trusted organisations that take security and privacy seriously.
For more information on how to embed privacy and security into the enterprise architecture, download our thought leadership paper here.