Regulations such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) require companies to take a more data-centric approach to security. Instead of focusing simply on protecting data at different layers of the technology, enterprises need to pay attention to securing data through its entire lifecycle—from the moment it is first acquired to when the data is ultimately disposed of.
Organizations haven’t taken a data-centric approach to security because of how daunting the task can be. Many CISOs and other security leaders who might otherwise love the concept are unable to implement it because they have no idea where their data is or how it is used across the entire enterprise.
Why the new privacy laws demand data-centric security by Michael Gutsche, Edge Strategist, Forcepoint on Tech Beacon