EDITOR ’ S QUESTION
Collaboration tools , which are commonly used in startups , and tools relied upon for an individual ’ s own personal notetaking ( such as Notion , Obsidian , etc .) tend to process a lot of data . Despite much of this data being sensitive , it is not always clearly understood where that data is ultimately stored and how it is secured . Businesses should know exactly who owns it and who is responsible for it in terms of backup and recovery , to prevent data loss or exfiltration . part of any business ’ strategy for managing compliance and securing data .
Protecting APIs should be an integral part of any business ’ strategy for managing compliance and securing data .
Start-ups tend to prefer speed over process , which can lead to additional security exposure if not well managed . Businesses should ensure they cover the basics in terms of security . It is better to invest more time upfront , than risk losing all your data due to sloppy processes . For most modern businesses , data is their lifeblood , so it makes sense to prioritise putting security measures in place to protect it .
Today , data is increasingly exchanged via Application Programming Interfaces ( APIs ). Often , traditional security tools don ’ t have full visibility , nor a clear understanding , of the inner workings of these API services . As a result , protecting PII information becomes harder as the boundaries of responsibility become opaquer . Protecting APIs should be an integral
My advice to smaller businesses with limited resources and budget would be to limit the scope of tools they intend to support and make sure they understand the SLO / SLAs of these tools when it comes to getting data back . For example , are they responsible for the data in Office 365 , or is Microsoft ?
Finally , when using cloud-based services , businesses should ensure they understand the governing regulations when it comes to data access ( for example , CLOUD Act ) but also their own responsibilities around data protection and privacy regulation , such as GDPR . p
FILIP VERLOY , TECHNICAL EVANGELIST EMEA , NONAME SECURITY
www . intelligentcio . com INTELLIGENTCIO MIDDLE EAST 35