DBTA: Will 2015 be the Year of the Regulator?

Posted on Dec 11, 2014 in Quoted by Press |

Year of the regulator

Data Security: Will 2015 be the Year of the Regulator?

Joyce Wells, managing editor of Database Trends and Applications magazine, talked to Protegrity CEO Suni Munshani about the year that was in 2014 and what was in store for 2015.

2014 has been described as the year of the data breach. 2015 will be the year of the regulator, according to Suni Munshani, CEO of Protegrity, a provider of data security solutions.

According to the Identity Theft Resource Center, there were 708 breaches that took place in the past year, grabbing headlines and sending warnings to retailers to prepare for the 2014 holiday shopping season that is now in full swing.

Against the backdrop of the still-unfolding catastrophic Sony data breach, this holiday season, what is at stake may be even greater for stores that do not properly ensure customer data. On December 4, a U.S. District Judge said that financial institutions can proceed with a class action against Target for negligence. In the past, it was the banks that were on the hook after a breach, and left to handle the responsibility for replacing stolen or compromised cards. One of the largest breaches ever, in the 2013 Target case, up to 70 million individuals may have been affected, according to Target itself.

According to Munshani, what is needed are data-centric security solutions that move beyond single-factor authentication with an overarching data access policy driven at the enterprise level not within traditional data silos, as well as enforcement of a strict data protection policy covering who’s accessing it, who’s monitoring it, and who’s storing it.

The sophistication with which attacks are being deployed is growing because the return on investment is so extraordinary in terms of the money that can be made in a very short period of time, and as a result it is a safe bet that there will be many more, says Munshani. In addition, the majority of data breaches are occurring with the right credentials, which have been compromised, as in the Target case.

Please continue reading the full article here.