In this episode of the SOCK(net) podcast, Yadin and Tony, along with guest host Mengchao Wu, discuss how to take the first steps in understanding what data security compliance means, how to get a crash course on the most important regulations that require action now and who to start talking to in your own company. Dave Packer, VP of Product Marketing at Druva joins the show and brings his wealth of experience as well as some best practices for approaching regulatory compliance frameworks like PCI and HIPAA.
Although regulatory compliance has been driving the rise in security spending, there remains a significant gap in understanding how these regulations affect all members of a technology team within an organization. The rate at which regulation is being passed continues to put more pressure on companies to have a solid compliance program in place. Even small and mid-sized businesses, which can now harness the national and global reach of the internet, must ensure that they are properly handling the sensitive information of their clients and employees in accordance with the applicable laws. For instance, a business with around 100 employees, a footprint that crosses a few states and customers in more than two countries could be beholden to more than twenty different privacy laws.
Implementing and maintaining compliance policies, and the technologies that support the various governance laws, can be costly, time consuming and complicated. It is critical for companies to clearly understand which laws they must comply with. As complexity rises, so does the need to automate processes such as capturing, analyzing and managing changes to IT systems, along with the flow and storage of massive amounts of sensitive data.
Among the questions we address are:
- What are the most common regulatory compliance laws that companies need to be aware of?
- What types of sensitive data do they cover?
- Finding your blind spots: What am I missing with how my data is managed?
- How can I make compliance a regular part of the business process and not just a one-time event?
- What does a well-defined software development process look like? (From tracking to automating and beyond)
- How can data retention be just as much a liability as it is an asset?
- How can I ensure clear communication between departments to create a successful and sustained compliance initiative?
Want to engage? Reach out to us on Twitter and via email at firstname.lastname@example.org.
Guest Host: Mengchao Wu
- Mengchao on Twitter
Guest: Dave Packer
Music by: www.bensound.com