Nezar Edwan, the Regional Accounts Manager for Saudi Arabia at Infoblox, speaks about data security and compliance
How has the need for data security and compliance changed over the past year?
The COVID-19 pandemic accelerated digital transformation and drastically changed the way things are done and our daily lives. This has imposed a massive impact on the data and data security, making it more challenging to safeguard it from corruption and unauthorized access by internal or external sources.
At the same time, the importance of securing data has grown more critical, as organizations that suffer breaches also suffer financial loss, reputation damage, consumer confidence disintegration, and brand erosion. Furthermore, new government and industry regulations around data security make it imperative that organizations and companies achieve and maintain compliance with these rules wherever they do business.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
With the evolution of technology and networks, several security standards and frameworks exist which address different cybersecurity needs and business sector requirements. So, there’s no single best security standard or framework, as each serves a specific purpose and is designed to address certain gaps and issues.
However, ZTNA is becoming very popular today, especially with digital transformation and the adoption of modern work styles such as like WFA, WFH & BYOD, as well as SASE–an emerging cybersecurity concept that Gartner described in the August 2019 report entitled ‘The Future of Network Security in the Cloud’.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
Locally within the Kingdom of Saudi Arabia, the National Cybersecurity Authority (NCA) introduced the Essential Cybersecurity Controls (ECC) after conducting a comprehensive study of multiple national and international cybersecurity frameworks and standards.
NCA developed the controls by reviewing legal and regulatory requirements, global cybersecurity best practices, analyzing cybersecurity incidents and attacks on government establishments, and considering the opinions of various prominent businesses around the country.
What according to you are the best tips that companies need to follow to comply with data security regulations?
Start simple by adopting a step-by-step approach. First, you need to understand your business and what security regulations apply to you. Then, identify how the digital transformation will affect you on the business level.
Next, determine the data and the assets that you own and what level of impact the transformation will have on those assets. Lastly, determine what conditions should be in place to gain access to your assets, and establish data access policies.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Infoblox is a technology leader in DNS security and enterprise-grade DNS, DHCP & IPAM (DDI). Many security regulations and frameworks such as ZTNA and NCA/ECC recognize the necessity of DNS security in emerging networks.
This is because the DNS control plan can provide a layer of foundational security and offers network administrators the ability to gain centralized visibility and control over all of your computing resources, following the tenets of Zero Trust. DNS can be a source of telemetry, helping to detect anomalous behaviour (for example, a device going to a server it usually doesn’t go to) and to analyze east-west traffic. DNS can also continuously check for, detect and block C&C connections. For every cloud and on-premise data center that your enterprise uses, DNS can be a centralized point of visibility and risk reduction.