How Magna5 is helping CIOs and IT Directors guide a strategic data protection plan

Magna5 recently hosted an Executive Connect breakfast event in Seattle at the Columbia Tower Club. We brought together some of Seattle’s best in technology, CIOs and IT directors from organizations in healthcare, law, finance and more. The morning was crystal clear – and if you know Seattle, that’s rare – so attendees were treated to skyscraper views against a backdrop of Mt. Rainier and Puget Sound. You could say the view was stunning.

Also stunning: some of the topics presented during the event. Over orange juice, eggs and sweet rolls (and bacon too, of course), guest presenters Adam Barr from AlienVault and Jesse Gambetti from Commvault provided expert insight on the coming GDPR regulations that are going to drastically change the way businesses have to protect data. (What is GDPR? Find out more in this blog post.) In short, the morning’s topic focused on the idea that, in addition to protecting critical data, there’s an immediate need to start preparing, implementing, and managing specific security efforts in order to comply with sweeping regulations set to take effect in May 2018.

“Failing to prepare is preparing to fail.” -Coach John Wooden

You could sense the attendees’ concern as they questioned whether their company was ready for a data breach, compliance needs and so on: Was the right plan in place? Do they need more IT people? Was there a need to better their infrastructure? How would these needs affect budgets? And, how would they know if they’d done all the right things to avoid being out of compliance?

Thankfully – Magna5’s SVP of IT Justin Cameron was on hand, and, along with Jesse and Adam, presented viable solutions that would ensure data security, compliance assurance, and, well, peace of mind that Magna5 has things covered.

“If organizations are not properly preparing for the worst possible scenario, they are setting themselves up for failure that could lead to unplanned downtime and large upfront costs, or even worse, closing their doors for good,” Cameron explains. “I’ve seen it happen – and that’s a driving reason why we’re so committed to helping businesses protect their data and plan for what’s to come.”

Granted, it’s tough to have to consider worst-case scenarios when you’re just trying to run a company – but these are the topics facing CIOs and IT Directors every day in this ever-changing, rapidly emerging data landscape.

“There is a clear defender dilemma in today’s threat landscape – the attacker has an unfair advantage,” says Adam Barr, Partner Relationship Manager at AlienVault. “Threat actors are rapidly evolving the threat cycle and attack surface because there are unlimited resources and methods to exploit vulnerabilities.”

And like Bear Bryant said, defense wins championships.

 

The data security defensive line: Jesse Gambetti, Justin Cameron, Adam Barr

It’s not just in the EU ... GDPR can still affect your organization if you're stateside

While GDPR is a European data privacy law, it will still affect organizations globally. All organizations processing information about European data subjects must be compliant with GDPR. Jesse Gambetti, Manager of System Engineering, Commvault, states, “GDPR is a massive global data regulation that not only changes the procedures of European organizations, it will affect every organization that processes data from their EU customers or has EU citizens employed. It will have a huge impact on how organizations collect and manage the personal data of EU residents.” He continues, “While many other countries don’t have these types of regulations in place, GDPR is creating a framework for future data privacy regulations and will be the world’s strictest data privacy law as of today. Organizations need to evaluate their readiness and possible risk, current data practices, processes and procedures and technology and make changes where necessary.” He then goes on to say, “Commvault software is a key foundational element for GDPR compliance. Commvault consolidates critical data protection, compliance and discovery operations in one unified solution, giving you visibility into all the personal data you store, whether on-premises or in the cloud. This makes it easy to meet your GDPR obligations — and prove your compliance to regulators.”


So, you ask – what’s the game plan? Here’s where we think you should start:

Make data protection a top priority

Simply put, data protection and security must be a top priority for all organizations. According to a recent survey by CyberArk, despite an increasingly sophisticated cyber threat landscape, organizations are failing to proactively update their security defenses. A shocking 46% of organizations never alter or update their security strategy, even after suffering a cyberattack.

Furthermore, 46% of respondents said their organization can’t prevent threat actors from breaking into internal networks when an attack is attempted.

Magna5 solution: Reset your expectations, focus them on protecting mission-critical information and minimizing inertia throughout IT teams – and co-source with Magna5 when you need to fill gaps in your current staff.

 


Realize you’re most at risk if you’re a small business

Target, Equifax, Uber and Yahoo … all victims of large, significant data breaches. Thing is, most attacks don’t make the big headlines – and statistics show, most attacks hit small and medium-sized businesses. In fact, according to the 2017 Verizon Data Breach Investigations Report, 61% of data breach victims were small- to medium-sized businesses in 2017. Not only are SMBs growing as the favored targets, they are also the most impacted with 60% of SMBs shutting down within six months of a data breach.

Magna5 solution: Don’t have a false sense of cybersecurity confidence. Implement a multi-tiered approach that layers in defensive and offensive tactics. You can’t assume you’re secure because there’s a firewall and anti-virus. Work with Magna5 to implement the best, most up-to-date security solutions for your business.

 


Go beyond basic security services

As the security landscape becomes more sophisticated every day and threat actors find new ways to access environments, basic security services are becoming insufficient as standalone products.

Magna5 solution: Realign your security strategy to include the three main pieces of a comprehensive security solution:

  1. Improve preventative tactics like patch management, vulnerability assessments, and firewall management
  2. Boost detective tactics like SIEM and intrusion detection
  3. Ensure 24/7/365 incident response

 


Pay close attention to the growing security challenges

Many organizations realize the need for better security but are faced with challenges that hold them back. The top five IT security challenges that SMBs face today are: insufficient personnel, insufficient budget, a lack of understanding on how to protect against threat actors, insufficient security technologies, and lack of in-house expertise. Because of these challenges, organizations are starting to outsource their security services.

Magna5 solution: Use our outsourced security services, such as managed detection and response.

 


Get ready for GDPR (General Data Protection Regulation)

GDPR is the new EU data protection directive that aims to harmonize the data protection needs and wants of all EU citizens, no matter where they reside. GDPR will come into force on May 25, 2018 and if your organization is not compliant, you could be looking at fines up to 4% of annual revenue.

Magna5 solution: Have your GDPR plan in place now, even if you don’t have direct dealings in the EU. Think of it this way: GDPR is coming stateside sooner rather than later. Prepare now.

 


Figure out how GDPR affects your business

Staying up-to-date on global requirements can make you stand out from your competitors by instilling confidence in your customers that you are compliant with the law and that you have their best interests in mind.

Magna5 solution: Being proactive about data privacy is a competitive advantage and we can take a look at your strategy, and help find you better solutions.

Realize data security is not data privacy in planning for GDPR

Data security is protecting the fortress around the data from external factors; data privacy is ensuring the legal collection, use, sharing and storage of data. Many organizations might think that they are protected from GDPR by their security procedures, but this can be inaccurate.

Magna5 solution: Here is a checklist to get the conversation started within your organization on whether or not your data is simply secure, private … or both.

  • Perform a risk assessment and review all personal data held by your company, where it is located, how and why it is processed.
  • Set up an internal code of conduct and implement internal policies and measures which take into account privacy by design and default.
  • Maintain detailed processing records and related audit information and reports – you need to be able to demonstrate compliance.
  • Spread awareness of GDPR throughout the organization and get everyone involved in data processing training.
  • Review and update privacy notices and customer/supplier contracts.
  • Review core technologies in place for security, data backup and recovery, data availability, retention and access.
  • Allocate responsibility and budget.

 


All’s well that ends well … if you’re covered!

At the end of the breakfast presentations, as everyone gathered around to chat further with fellow attendees and the presenters, the general tone had changed from being somewhat stunned about the coming changes to feeling much more prepared about the strategic plans they need to implement in order to better protect data and adhere to compliance needs – and how Magna5, along with partners AlienVault and Commvault, can help.

Magna5 has you covered!

Want to learn more about managed security, data backup and recovery or GDPR compliance?

Schedule an appointment to talk to one of our technology professionals.

Receive a Magna5 umbrella when you connect with us!