How cloud security, data privacy, and cybersecurity convergence drives successful careers
Washington State is implementing major data privacy legislation to protect consumer health data. The My Health My Data Act grants people the right to access, delete or withdraw consent concerning collecting, sharing or selling their health data. It includes express consent requirements and other privacy requirements.
This is the latest in a string of privacy-related laws passed in various states, countries and regions. Such laws have everything to do with cybersecurity. Security professionals are increasingly tasked with ensuring that data remains secure and is being gathered, stored, and deleted by applicable privacy rules.
Learn Cloud Security
The evolution of privacy and compliance
Compliance and privacy regulations are evolving. Rules such as PCI and HIPAA were primarily oriented toward protecting your data in your environment. They provided prescriptive recommendations, such as encrypting data at rest. Modern privacy regulations have a different orientation. They lay out the types of data with privacy implications, such as personally identifiable information (PII) and protected health information (PHI), and tell you that if you lose or abuse it, you will face steep fines. The recent wave of privacy laws tends to be less prescriptive about what you do to protect data and privacy. Instead, they leave it up to you to figure out how to put the right controls in place to comply with the regulations.
This is bringing about a shift in emphasis within the security industry. It is no longer all about detecting, excluding and remedying malicious traffic. Verification of identity is now an essential element to safeguard endpoints and infrastructure often situated outside of the data center. As part of this, IT is tasked with ensuring that user data is stored and used responsibly and that privacy needs are respected.
“Customers will want to do business with you because you are responsible, have the right controls in place and that you are making sure that only authorized entities see the data,” said Ameesh Divatia, CEO of cloud data protection company Baffle. “Privacy is not just good business; it’s also good for business.”
Learn Cloud Security
Privacy know-how broadens career potential
Those about to enter the workforce and those seeking to maximize their earning potential often wonder about the key learning areas they should pursue to assist with career advancement. The powerful combination of skills at the intersection of data privacy, data security, and cloud security will likely be a significant future asset in the job market.
Knowledge of privacy regulations, security technologies and the cloud will put you directly in the center of an expanding field. Instead of a privacy person on the team saying not to do this or that, or an IT person implementing security solutions without a full grasp of the privacy implications, the truly valuable people will be those who can view security, privacy and the cloud holistically.
As the implementation of controls is very different depending on whether they are on-prem or in the cloud, Divantia urged people to obtain privacy certifications as a good way to understand what they’re protecting and how to ensure data protection in an increasingly cloud-based world. That can assist in bringing security into the conversation much earlier. It should be built into applications, not a bolt-on.
The current focus tends to be on privacy controls limited to detecting and preventing data exfiltration. That is too late in the process. It is better to start at the beginning of the pipeline by encrypting data as it is created and tokenizing it as it goes in to make it fail-safe.
Privacy and usability balance
Privacy is more vital than ever in today’s world. However, privacy controls should not get in the way of usability and efficiency. One way to achieve this is to understand what data is public and what is private. For example, a car’s license plate number is viewable by anyone. Adding privacy controls to such information is unnecessary, increases system costs, and can inhibit overall functionality and performance. However, the identities and addresses associated with those license numbers are private and must be kept so.
Divatia said that we must take care in system creation to ensure the requirements for privacy and usability are balanced correctly. Protect privacy completely where needed and either get rid of data you have no business collecting or is no longer needed.
Those that get it right can look forward to an improved image, better customer goodwill, and a growing market share.
Learn Cloud Security
Privacy as a competitive differentiator
Data privacy programs are not just about complying and checking the box to ensure you did all the right things and that no one can come after you. It’s about embracing the right security paradigms to do better and look better than your competitors. Customers want to do business with you because you are responsible that you have the right controls in place to make sure that only authorized entities see their data. Thus, sound knowledge of cybersecurity, the cloud and data privacy can become a competitive differentiator.
Watch the full episode of Cyber Work with Ameesh Divatia of Baffle on the Infosec website.
Learn Cloud Security
Build your cloud security skills and get hands-on experience in Infosec Skills. What you'll learn:- Cloud architecture
- Cloud management
- Cloud pentesting
- CSP security features
- And more
In this Series
- How cloud security, data privacy, and cybersecurity convergence drives successful careers
- The rise of cloud computing: Trends and predictions
- Understanding the basics of cloud infrastructure: What you need to know
- Secure cloud computing: What you need to know
- Working across multiple cloud service providers: CSP security learning path
- Securing cloud-based applications training: What you need to know
- Security risks of cloud migration
- DevSecOps in the Azure Cloud
- Amazon Athena Security: 6 essential tips
- Securing cloud endpoints: What you should know
- AWS security and compliance overview
- CloudGoat walkthrough series: IAM privilege escalation by attachment
- CloudGoat walkthrough series: EC2 server-side request forgery (SSRF)
- CloudGoat walkthrough series: Remote code execution
- CloudGoat walkthrough series: Lambda Privilege Escalation
- Information security strategy for the hybrid and multi-cloud
- CloudGoat walkthrough series: Cloud Breach S3
- CloudGoat walkthrough series: IAM privilege escalation by rollback
- Working with CloudGoat: The “vulnerable by design” AWS environment
- Malicious Amazon Machine Images (AMIs)
- Key findings from Ponemon’s State of Vulnerability Management in the Cloud and On-Premises report
- Cloud Pentesting Certification Boot Camp: The ultimate guide
- Cloud Based IDS and IPS Solutions [Updated 2019]
- AWS Security Monitoring Checklist [Updated 2019]
- Amazon Inspector: A cloud-based vulnerability assessment tool
- System administrator vs. cloud administrator
- 5 key cloud security use cases
- Deep Packet Inspection in the Cloud
- Honeypots in the Cloud
- Biometrics in the Cloud
- Open-Source Intelligence Collection in Cloud Platforms
- How to Safeguard Against the Privacy Implications of Cloud Computing
- AWS Cloud Security for Beginners — Part 2
- AWS Cloud Security for Beginners — Part 1
- AWS Security Monitoring Checklist — Part 2
- Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It
- Controlling the Risks of Cloud-Enabled End-Point Security Products
- The Ultimate Guide to CCSP Certification
- Five Reasons Why Security Professionals Need the Cloud
- Amazon S3 Buckets-Hardening
- Cloud Service Reconnaissance
- Cloud Computing Security: Be Secure Before Moving to Cloud
- Cloud Technology Bringing New Possibilities in Threat Management
- Attacking the Cloud
- Man in the Cloud Attacks: Prevention and Containment
- Cloud originated DDoS attacks
- Where Is Your Data Safer? In the Cloud Or On Premise?
- DDOS Protection for Public Cloud Customers
- Security Barriers in the Adaptation of Cloud Technology
- SIEM as a Service
- Cloud Security Incident Compensation
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Cloud security
Cloud security