The firewall alone is no longer enough

For a long time, having a good firewall was the best way to protect data on your own computer or intranet. But in the age of digitization, firewalls can severely limit collaboration outside their own four (office) walls. In addition, a firewall alone is not sufficient protection. When we think of the Trojan horse, the weaknesses of a firewall quickly become apparent: once a virus or a person has made it behind the walls, there are often few ways to stop them.

brick wall

Ismail writes aptly:

"Regardless of the industry, companies need to be sure that they are driving a data-centric protection program that bases defensive processes on the movement of data rather than building a wall that stops intruders."

This realization is not necessarily new, but has to be implemented many times in the infrastructure, in the processes and also in the behavior. A good example of the problem of traditional data protection methods is, for example, data processing via mobile phone apps. Many apps protect data on the phone, but not on the way. Say, the device itself is protected, but the data transfer is not. So that would be like transferring money from one highly secure bank to the next with a rickety coach instead of a secured transporter and trained security personnel.

Data management ensures privacy

In order to implement data protection in a modern way, companies must do something that is also necessary in other areas: they must trace and map the paths of their data.

How is data collected?
Where are they stored?
How is data accessed?
How is data shared?

What happens when third parties access the data (and what do their internal processes look like?)
How do you get data from one terminal to the next?

These questions include an understanding of both technical and manual processes. What use is the most secure data processing if the employee inspects customer data visibly for all fellow travelers on the laptop while on the train?

Another aspect that Ismail emphasizes and that we have already mentioned on this blog a couple of times is the autonomy of the users or customers. Personal data protection also includes informing the appropriate person about the use of their data. Ideally, she should even have autonomy to design the use herself. In this area, a classic IT topic is closely linked to customer service. In the future, it will not only be important to comply with laws such as the GDPR, but also to leave customers the so-called "data sovereignty" and to integrate this into customer processes in the company.