The world is getting increasingly digital and dangerous, making an exchange of ideas about cybersecurity between friends and trading partners essential. I was privileged to get invited by GCS to the event, “Collaboration in Cybersecurity: The most important tasks for business leaders,” organized by InnovationQuarter. I spent a day listening to brilliant minds from the Netherlands, Bavaria and beyond talk about how to make cybersecurity a C-Suite issue.
As a data leader who is also an information and cyber security professional, here were some takeaways.
Zero trust: Data leaders and the C-Suite need to take a more paranoid approach to security.
Zero trust is a security framework that assumes no user or device should be trusted by default, both outside and inside the organization’s network. This framework requires continuous monitoring and verification of user identity and access privileges.
There are many aspects of Zero Trust that are important for data leaders, but two major ones include:
Continuous monitoring: It is important to continuously monitor the status of data assets and how they are being used. Continuous monitoring is also important for data quality.
Least privilege: Give employees access only to the data they need to do their jobs. Minimalistic thinking is a paradigm change, as many data leaders give their teams access to all the data they could potentially need to answer a broadly scoped range of ad-hoc requests.
In security, too, there is such a thing as too many tools.
Data leader tool promiscuity is a problem. Data leaders have a proclivity to fall in and out of love with the newest, hottest tools. Not only is poor vendor management expensive, but it also creates an unnecessarily large attack surface.
Data governance needs to be seen as a business continuity issue. Security by design.
Data silos, data sprawl, and spaghetti data pipelines create a messy and often opaque data landscape that makes monitoring and protecting data, as well as data privacy, difficult. Data platforms need to get more intentional, and security needs to be part of every step of the process, not just an afterthought or a bar at the bottom of your data strategy presentation.
Regulations and standards are increasing. Digital needs to grow up.
New regulations and standards in information and cyber security are hitting the market in Europe and elsewhere. Data leaders should take notice, at the very least to avoid hefty fines and other consequences of non-compliance.
Risks of cyber attacks and data breaches are large, omnipresent, and increasingly frequent – and sometimes include latent violence.
On the positive side, complying with regulations and standards increases trust in data from partners, customers and stakeholders.
Digital sovereignty. Europe needs to stand on its own. Digitally.
The USA is the digital hegemon. This statement is very true in Germany and in the rest of Europe. Ursula von der Leyen called for Europe to achieve “technological sovereignty in some critical technology areas” in her first statement before being confirmed as European Commission president.
More about this subject from the Atlantic Council: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/the-european-union-and-the-search-for-digital-sovereignty/
Social media, cloud computing: the list of non-EU information technology service providers who are embedded in critical infrastructure is long. The development of a robust European indigenous ecosystem of technology providers seems far away for many.