Ephrem Tesfai, the Sales Engineering Manager at Genetec, speaks about how data security and compliance has changed in the recent years
How has the need for data security and compliance changed over the past year?
The past year has uncovered vulnerabilities across multiple verticals as data security becomes a rising concern. The need for compliance to avoid potential breaches increases one news headline at a time. As seen in the Genetec EMEA Physical Security in 2021 report, physical security professionals have embraced digitalization and have started shifting their operations and data to the cloud.
While this allows better data protection, it does not leave them immune to data breaches and cybersecurity risks. The report also outlines that cybersecurity is more important than ever in the physical security industry following last year’s events, with decision-makers in the sector choosing to prioritize it moving forward.
As the focus on data security increases, so does the augmented need for compliance with local regulations. Complying to data security standards globally, regionally, and is becoming more important for consumers and companies. Both sides can benefit from compliance and be harmed by the lack of it for personal and legal reasons.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
With the continuous evolution of technology, securing data has become more complex as the cybersecurity landscape is perforated with impending threats. Therefore, companies need to put together best-practice standards and frameworks to ensure that their data is secured and remain compliant with the relevant regulations.
This begins with staying informed about new laws to reinforce cyber resilience and avoid penalties for non-compliance if your network is breached. Companies need to be well prepared at all times, not only when expecting an audit. As data security can be compromised at any given moment, remaining compliant and implementing the correct methods to counter these risks is essential. For this, regular cybersecurity risk assessments are required.
Companies also need to create a data security framework based on access control and identification, which means stricter accessibility to footage on an internal basis to ensure that sensitive data is available only to those with the relevant credentials. Regulations concerning what is done with the video surveillance footage need to be set and define where the data is stored and the disposal of any irrelevant data.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
As the General Data Protection Regulation (EU GDPR) came into place, this has forced many countries to reevaluate their existing data compliance regulations and frameworks, including the MENA region. With countries within the region operating differently, there is no one-size-fits-all in terms of data protection regulations. For example, the UAE’s Dubai International Financial Centre (DIFC), Dubai Healthcare City (DHCC), and Abu Dhabi Global Market (ADGM) have chosen to enact their specific data protection laws.
The latter has been inspired by the EU GDPR as well as other international best practices. These rules and regulations outline the requirements for collecting, handling, disclosing, and using personal data in the different areas and the rights of the individuals whose personal data is held.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
With countries within the region strengthening their data protection laws, Genetec aims to provide its clients ease of mind for both physical and data security. Physical security solutions should protect its clients’ people and assets while also helping them remain compliant by integrating policy and regulations in the platform and allowing the creation of security and operational reports acting as evidence for audits.
Genetec products also highlight the need to provide robust cybersecurity defenses within physical security. As physical security solutions can be an entry point for threat actors to access enterprises’ networks, it is essential to focus on how crucial it is to unblur the lines between physical and cybersecurity. Genetec solutions are built with core cybersecurity pillars in mind, including encryption, authentication, authorization, and privacy.
Do you believe the line between data security and data privacy has started blurring?
Security and privacy go hand in hand, and companies must maintain a balance between the two. Securing the individual’s data means ensuring their privacy, which can be done by implementing regulations within the video surveillance sector to protect unconcerned individuals. With stricter rules globally, video surveillance technologies will be forced to adapt to find a balance between security and privacy.
Providing safety and protection to the public cannot be done without collecting personal, private data such as identity details, images, and videos. Video surveillance vendors need to move forward with product development with privacy and security as a priority in mind. This will achieve compliance and strengthen trust between vendors and clients. In turn, the clients, and the individuals that these technologies are protecting. When security is assured, privacy is provided in turn.