Take a Proactive Approach to Compliance

Over the past few years, increasing amounts of data from healthcare providers, law firms, banking institutions and other often-regulated organizations that provide critical services have moved online. This is largely due to the efficiencies computing offers; hospitals, for example, can share patient data at the push of a button.

It’s also why regulations such as the General Data Protection Regulation, the Gramm-Leach-Bliley Act, HIPAA and PCI are enforced. Without their compliance requirements, some critical data might not be protected and could be stored in simple cleartext, accessible to any entity that has gained network access, including those that are unauthorized.

Fortunately for companies and those who conduct business with them, these regulations often make it clear which data has to be most securely protected. Typically, this is done using encryption. However, the mechanisms, details and overall operation of encryption can be difficult to manage and can strain system performance.

To address this concern and ensure that data can be fully protected more easily, IBM has pioneered the science of encrypting data wherever the data is in the system and letting the OS do the hard work. IBM has developed chip-level encryption in the new IBM z14 that can alleviate much of the challenge surrounding encryption by enabling organizations to simply encrypt everything everywhere.

“The term ‘pervasive’ is nice because it provides the concept that everything is protected end-to-end, wherever data travels or is stored,” remarks Phyllis Schneck, managing director, Promontory Financial Group (an IBM company), and former U.S. government cybersecurity official. “For example, you really don’t want a system that requires laborious processes to lock and unlock a simple email. So, if data is encrypted from beginning to end, as the encryption ability of the z14 allows, you know the data is inherently unreadable by anyone but authorized parties, which ensures compliance to regulations that demand that your data has to be protected.”

Promontory can help companies not only understand the benefits of pervasive encryption, but also more broadly keep them in a place where they have full compliance and open communication with regulators. This allows companies to be proactive and build consumer confidence in their brand.

Additionally, as Schneck notes, “We have the very difficult conversations with executives before a crisis to enable decisions to be made thoughtfully and applied when needed in an instant. So, you have to conduct a risk assessment, prioritize your assets before buying yet another cyber toy and understand why this is important to your company.

“In the end, you’ll have an idea of what your risk tolerance is and what’s the worst thing that could happen to your company should something indeed occur. We prioritize that for you so your investments, your people, your culture are aligned with your overall security goals. And we strengthen your resilience to be sure you have a thoughtful, well-practiced response when—not if—a cyber event targets you.”

For further insight into Promontory’s services, including how it’s using cognitive computing to make security regulations easier to understand and money laundering easier to find, visit promontory.com.

—J.U.
