In a new series on security, Channelnomics examines the many ways in which security providers are being challenged by evolving approaches to data privacy. How will solution providers fit complex data-privacy issues within comprehensive security solutions? Secure Designs’ CTO Ron Culler added his voice to that of other IT security peers in the following article by Howard Fast in Channelnomics’ Security category on 3 December, 2015.
In many ways, the lock-down protection and sanctity of private, confidential, personal and corporate data transcends all other current-day business and technology issues. For, as we have undeniably – and painfully – learned in the past few years with the plethora of well-publicized data privacy breaches, if our most closely held information is up for grabs, all bets are off no matter the transformative technology.
Of late, a number of leading technology suppliers have made public their privacy policies, with perhaps the most overt examples coming two months ago from Apple and Microsoft, both of which not only hardened their positions on protecting user information, but also strategically situated them as a competitive advantage.
While that sounds all well and good, public proclamations on privacy policies not only can be tinged as soapboxing, but more importantly may sidestep the operative point: As the first and last line of defense for privacy and security solutions, isn’t it the skill, expertise, dexterity and business acumen of channel partners that ultimately shuts tight the door on compromised private data?
Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP), a 15-year-old, Portsmouth, NH-headquartered data-privacy advocate offering a set of certifications geared to IT professionals and channel partners, believes we are at a privacy inflection point.
“Privacy risk emerges whenever someone makes decisions about data across the supply chain, the enterprise and the channel ecosystem,” says Hughes. “We are at this zeitgeist moment for privacy in the new digital economy. Every new technological innovation or business model makes the field more complex and difficult to navigate.
“Channel partners with privacy skills and knowledge in their bag of tools, while small in number today, will only benefit in the future,” Hughes adds. “VARs will find that privacy will become a required expectation within every agreement they sign and their supplier partners and customers will set expectations on how privacy gets managed across the entire ecosystem.”
What exactly is private information?
With this expectation in mind, getting there will be no easy task. Outside of a few select industries, such as financial services, legal and healthcare, no privacy standards across states, countries or governments detail what constitutes private data, let alone the rules, regulations and laws governing it. As a result, CIOs, CTOs, IT professionals and solution providers are faced with trying to navigate what amounts to a many-headed hydra.
“What constitutes private information isn’t standardized,” says Ron Culler, CTO at Secure Designs, a Greensboro, NC-based managed security service provider.
“One of the biggest issues today is we’ve got 47 to 48 different data-breach privacy laws in states and territories,” he points out. “In some states there are no real laws that cover [data privacy]. Some states have data-breach laws to identify personal information and others have a combination of things.
“As a solution provider dealing with customers and different privacy rules, you have to be aware of the differences and act on that awareness,” Culler says.
With the increasing number of breaches, and with the way policies and laws are changing, data privacy attorneys are becoming an important addition for companies and potentially for channel partners, says security and investigations specialist Brandon Gregg.
“If you don’t have data privacy legal counsel, at some point you’re going to need it,” he says. “Ultimately, we need to examine what makes for private information and what doesn’t.”
Even amid an evolving landscape, privacy policies and data protection already drive a significant number of security initiatives, says Sadik Al-Abdulla, CDW’s security solutions director.
“The distinction between privacy and security is that privacy is an objective guided by policy, and security is a way to achieve and enforce that policy,” he says. “Privacy policies alone don’t affect how we craft and deliver security solutions, but they are creating a lot of security opportunities.”
And for some channel partners, privacy’s growing importance may prompt a re-evaluation and potential overhaul of their security offerings, according to Beat Kramer, CEO at Contronex, a Naples, FL-based solution provider.
He points out that the liability of providing solutions that pose a potential security risk will have some solution providers “rethinking” their current portfolio and approach.
“This is an opportunity for channel partners adapting quickly,” he adds.