By Peter Merkulov
Compliance with information security regulations is a major challenge for customers — and, depending on the industry, there’s a good chance the problem is growing even more complex as the importance of protecting sensitive data comes under intense scrutiny.
But as the channel knows, with challenge comes opportunity.
My discussions with our partners in the U.S. and abroad highlight a growing interest in technologies and services that address the security needs in verticals like financial services, government, retail and health care.
Similarly, companies that do business across international borders are desperate for help understanding and meeting the changing demands of foreign regulators. In Europe, especially, customers are scrambling to prepare for implementation of the General Data Protection Regulation (GDPR) that goes into effect in May 2018. This focus on GDPR compliance is confirmed by a recent PwC pulse survey that found more than half of U.S. multinational corporations regard GDPR as their top privacy and data security priority, and that 77 percent have dedicated at least $1 million toward achieving compliance before the deadline.
Another striking finding: Thirty-two percent of respondents plan to reduce their presence in Europe, while 26 percent intend to exit the EU market altogether. Talk about an opportunity for partners that can make sense of the EU regulatory morass.
In 2017, the emphasis for data privacy and information security is likely to be on tackling complexity, not just of threats but of the compliance landscape. Overseas trade is too important to walk away from. That’s true despite the growing uncertainty that has prevailed since European privacy advocates signaled their dissatisfaction with the Privacy Shield data-sharing trade framework that went into effect in October.
That remains the case even though the regulation gives EU citizens broad protections that could cost customers a significant amount of time and money in the event of a dispute.
Here at home, compliance with less exotic but equally important regulations is also a major driver of information security investments.
In the medical community, you’ve probably heard of HIPAA, but are you up on the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009? Financial customers – including banks, tax preparation services, loan originators, mortgage lenders, consumer credit organizations and others – are required to set and maintain strict privacy and data security programs under the 1999 Gramm-Leach-Bliley Act (GLBA). For retailers, the Payment Card Industry Data Security Standard (PCI DSS) may not be law, but it is the prevailing standard of protection, and one that many states refer to as evidence that a customer tried in good faith to protect customer privacy in the event of a data breach.
Speaking of states, 47 have their own privacy protection laws on the books, each with nuances that must be followed, and usually several must be followed at once, because a breach in one state typically involves the residents of other states and so triggers their laws as well.
Confused? You’re not alone, and imagine how customers feel.
Compliance is a bewildering patchwork of laws and standards that often seem to be in conflict with each other. That confusion means that a highly personalized, consultative approach to addressing the customer’s unique situation is necessary — even at a time when the trend seems to be substituting technology for human interaction. Yes, there are tools that can make implementation of a solution easier for all involved, but they are a complement to a hands-on consultative engagement, not a replacement.
My main advice is, never meet complexity with more complexity. That’s a sure way for customers to end up less secure and less compliant, because when a process or technology is difficult to understand and use, your customer’s employees will find workarounds. Those workarounds will likely compromise information security and network integrity.
Pull together a compliance solution that is robust enough to exceed regulatory standards, convenient for the user, with clear productivity and usability benefits for the CFO, and easy to implement and manage for those tasked with maintaining policy and compliance. I recommend offering education and training services tailored to the individual roles involved with meeting customer security and compliance goals, but also try to foster a sense of shared responsibility — in my experience, that will result in an increase in overall security posture. Do this and you’re in a great position to help both customers and your bottom line.
Peter Merkulov is vice president of product strategy and technology alliances at Globalscape.