Hello, my name is Luis Fuka. And in this section, we will discuss data security challenges. We will go over some of the top common challenges of data security and protection. Then we will look more closely at four industries and their unique challenges. There are many challenges to keeping your data safe and secure, here are four challenges that c-level executives face when ensuring their organization has a comprehensive workable data security solution. They include explosive data growth, new privacy regulations, operational complexity, and the cybersecurity skills shortage. Explosive data growth, not only our business has continuously accumulating data. The rate of data accumulation is increasing. Data is coming in from new sources, new types of sources, and each source has its own data protection, privacy and security requirements. As an example, the data gathered from mobile phones used to be almost exclusively about which calls were made and when, as well as text messages. As phones got smarter and more connected, new types of it emerged. With the advent of inexpensive global positioning system sensors, it became easy to track location. Improvements in one type of technology would leverage other types of technology. Phone cameras could take pictures, but at first, they had to be downloaded onto a secondary device before they could be shared widely. The increase in inexpensive and ubiquitous bandwidth encouraged users to take and share more pictures and videos. It also allowed surreptitious monitoring. The ability to run an application meant more data sharing, and more opportunity for background data gathering. As an example, fitness applications could gather health information, more troubling, a game application could surreptitiously gather information not related to the game. All this data must be protected from inappropriate use, as an example, automated red light cameras used for enforcing traffic regulations. Also gather time location in informations for vehicles of law abiding citizens, this data needs to be subject to privacy and protection requirements as well. So, keeping up with a growing number and variety of data sources, providing data across multiple contexts, adds layers of complexity to the data security challenge. Related to this explosive growth in data is the increase in new privacy regulations. Concerns about data security and privacy have given rise to new legal requirements. These regulations vary in their scope and focus many of them overlap. However, they carry the force of law and failure to comply can bring significant penalties, even if there is no data breach. In addition, when a data security breach occurs and no security protection solution can be perfect, security breaches are inevitable. It is critical to be able to have a security solutio that is legally defensible. That is a complied with applicable regulations. Furthermore, different regions and different regulatory agencies have their own sets of regulations. The General Data Protection Regulation or GDPR was created to protect the privacy of individuals in the European Union. It applies not only to organizations based in the EU, but also multinational organizations. And even organizations entirely outside of the EU, that offer goods and services to people in the EU, or just monitor the behavior of EU citizens. The California Consumer Protection Act or CCPA, has requirements that overlap, but do not fully coincide with the GDPR. It applies to a different set of organizations than the GDP, therefore, it is possible to leverage some of the measures to contain, to comply with the GDPR, to implement CCPA compliance. However, there will be some differences. The future will bring new measures by other governments. Brazil's LGPD is scheduled to become effective soon. Some predict the United States of America will implement an overarching data security and protection regulation on the federal level soon. Complying with these new regulations can be a daunting task, besides these regulations, there are data standards that may not have the force of law behind them. But which are expected by your customers or are necessary to comply with, to prove due diligence in case of a breach or legal action. An organization must implement the payment card industry data security standard or PCI DSS, in order to do business with major credit card brands. The next challenge we will address is operational complexity. An organization's critical business systems may span many different departments, and be interwoven with other business systems and applications. Movement to cloud and the adoption of big data technologies increases capabilities, but also increases operational complexity and introduces more points of vulnerability. Critical business systems probably rely on crucial tools and resources from a variety of third party vendors. These tools and resources have their own points of vulnerability, many of which are out of the direct control of your organization. One way in which operational complexity affects data security and protection is in determining who oversees various aspects of data security. And which roles have which responsibilities and authority. A key tenant of effective data security is the need for one roll which has overall responsibility for data security and the authority to implement necessary measures. The corporate culture may resist this consolidation of authority and transition to a centralized data security model. Cross Silo coordination is both necessary and difficult. To implement a useful data security solution, you must enact meaningful and effective policies, and procedures not only for the many points of focus in the organization, but for third parties as well. Data security may drive operational strategy as an example. You may decide that keeping certain types of data in a third party cloud is too risky, necessitating a movement to bring that function back internally to a private cloud or moving to a more reliable vendor. This can lead to friction within an organization. As an example a vulnerability assessment, audit must function in the context of change management, and will generally have to be carefully planned to mesh with business requirements. You may not be able to just shut down a database server right away, to fix a data security problem. You must wait until a scheduled outage and receive the buy in of asset stakeholders. Such as database managers and business managers, that depend on the database server to generate revenue. Addressing the security of that database will take place over multiple iterations. Each iteration targeted towards the most pressing issues with changes, and the resulting security improvements carefully managed and documented. So, we have explosive data growth, that means more data to manage and protect. We have new privacy regulations, so we have new policies and procedures to implement. More auditing reports to be generated and reviewed. We have operational complexity, which means, complex resource intensive projects to plan and implement. And who do we have to do all this? We have a cybersecurity skills shortage. Not just now, but for the foreseeable future. We must plan for this, cyber security is hard. It requires trustworthy skilled experienced people. People with not just technological skills, but people skills, because data security is ultimately about people and we need people to do all this. We need security professionals that are adaptable, compliant, dependable, inquisitive, and resilient. We need to seek these people from all sources, inside and outside the cybersecurity industry. We need to invest in these people and innovate new ways of facilitating their development. We need to focus on skills, and a whole new set of credentials, besides traditional college degrees. We cannot expect the government or the workforce itself to be able to fulfill this need. Traditional educational institutions are trying and struggling to fill the gap. We need to help them in this struggle. Innovative training resources such as IBM Zone Security Learning Academy, can help address this problem. Finally, you must leverage the people you have to get the most out of them. This means buying top-quality tools and automating processes as much as practical. So, we have talked about four top challenges. And remember, there are more challenges than this. We have just started with these four. In the next segment, we are going to talk about some common pitfalls.
