Navigating Data Security Challenges in Highly Regulated Industries Webinar: Key Takeaways and Insights


Data security in highly regulated industries is an evolving challenge. Organizations are constantly faced with the struggle to balance regulatory mandates with security best practices. 

During a recent Votiro webinar, Ravi Srinivasan, CEO of Votiro, met with leaders of highly regulated organizations, including Yabing Wang, CISO and VP of Justworks, Bill Brunt, Director of Data Security Services at Novacoast, and Mark Cromer, Chief Technology Transformation Officer at Farm Bureau Bank. Together, the guests shared their insights and strategies for tackling data security challenges, balancing regulatory compliance, and adopting new technologies.

The discussions delved into the importance of visibility, control, and innovation, with a consensus that by staying ahead of regulatory demands and leveraging cutting-edge technologies, organizations can better protect their data and maintain robust security postures.

This article delves into the major themes discussed, highlighting practical advice and experiences from these industry experts.

Data Security Challenges

"I think for us, the fundamental question or fundamental concern every company I go to is, 'Do I know where is my data? Where does the data go, and how does the data go?'" ~ Yabing Wang

Visibility and Control

There was a familiar emphasis on visibility and control over data. Many organizations, especially in regulated sectors like healthcare and finance, still struggle to understand their data’s journey clearly. Yabing Wang summed up the difficulty succinctly: the fundamental concern is where the data is, where it goes, and how it is transmitted. This question is at the heart of data security. Visibility is essential for effective security and compliance because it allows organizations to monitor access, detect anomalies, and protect sensitive data from unauthorized access and exfiltration due to breaches.

"Do we know exactly my data on the third-party side? What are those or when a third party comes in, and what data do they see?" ~Yabing Wang

Third-Party Risks

Wang also highlighted the significant risks associated with third-party breaches, emphasizing the importance of understanding exactly how external parties interact with an organization’s data. Wang raised critical questions about whether organizations genuinely know where their data resides when handled by third parties and what data these entities can access. This concern is further complicated by the integration of AI technologies, which adds another layer of complexity to data management and security.

Regulatory Compliance

Balancing regulatory demands with effective data security practices remains a significant challenge. Mark Cromer strongly advocated focusing on data security over regulations, which best protects the business and its customers. He argued that by focusing primarily on meeting compliance, organizations might overlook the nuances of emerging cyber threats that regulations often fail to address promptly. A compliance-first mentality can lead organizations to adopt a checkbox approach, doing just enough to meet specific standards without necessarily safeguarding against actual risks. Instead, Cromer advocated for a robust security infrastructure that includes advanced technologies, thorough staff training, and regular updates to security practices, all aimed at creating a resilient system that adapts to evolving threats.

“I don't make decisions based on what regulators want us to do. It's a consideration, but regulations do not drive my business, and do not drive our business model.” ~ Mark Cromer

False Positives

Bill Brunt of Novacoast illuminated one of the most persistent and vexing issues in data security: the challenge of false positives. As data flows through systems, accurately identifying what constitutes a real threat becomes complicated, often leading security systems to flag benign data as potentially malicious. This misidentification can result in a significant waste of resources, as IT teams spend time investigating and resolving alerts that pose no real threat. Brunt emphasizes that developing more sophisticated filtering mechanisms is crucial for enhancing data protection efforts.

By refining these systems to better distinguish between genuine threats and harmless data, organizations can focus their security resources more effectively. This improves the efficiency of their data security operations and ensures that real threats do not go unnoticed amidst the noise of false alarms.

Adoption of Generative AI

Early Involvement of Security Teams

Wang noted that Justworks took an inclusive approach to implementing generative AI technology, a strategy that began with a grassroots effort driven by enthusiasm from various team members, ensuring that security was integrated from the outset. By involving security teams early in the process, the team has been able to embed security considerations into the foundation of its AI initiatives, effectively minimizing potential security issues as these technologies are developed and deployed.

Standardization and Policies

Brunt highlighted policies’ crucial role in steering AI adoption within organizations. He pointed out that while they support and promote the use of AI, initiating the process with clear policies ensures that users have a guided framework for adopting these technologies. By advocating for the selection of standardized AI platforms, he emphasizes that such an approach guarantees a uniform and secure implementation throughout the organization, aligning with established security practices and compliance requirements.

Business Use Cases

Cromer emphasized the importance of aligning AI adoption within organizations to actual business needs. He advocated that pursuing technology, particularly AI, should be firmly rooted in clear, definable business objectives. This approach ensures that AI projects are not just driven by the allure of new technology but are implemented to address specific challenges or enhance operational efficiencies within the organization. 

For AI to deliver real value, it must be integrated in ways that advance the core missions and goals of the business. This strategic alignment helps prevent the common pitfall of adopting technology for its own sake, which can lead to wasted resources and projects that fail to impact the bottom line. Organizations can ensure that their investments are justified and optimized for maximum return by anchoring AI initiatives to tangible business reasons. 

Regulatory Frameworks and Decision Making

“We’ve had to start utilizing the technology before the regulators were given guidance on how to do it.” ~ Mark Cromer

Proactive Approach

Both Brunt and Cromer advocate for adopting technologies and frameworks proactively. Brunt remarked, “We help organizations create policies from their business requirements down to use cases.” This method prepares organizations for future regulatory requirements and ensures robust data security practices.

Internal Security Prioritization

Cromer highlighted the primary focus of their security efforts on protecting the assets of their bank and customers. He stressed that while regulations play a role in shaping their security measures, the overarching priority remains to ensure robust data protection. This approach ensures that the integrity and security of customer and bank data are always at the forefront of their security strategy.

Emerging Technologies for Data Security

Fundamental Controls

Wang emphasized the foundational role that certain fundamental controls play in the framework of data security, highlighting that despite the emergence of new technologies and methodologies, basic practices such as data discovery, tagging, classification, encryption, and data loss prevention remain pivotal. According to Wang, these controls form the bedrock of any robust data security strategy. While the landscape of data security may evolve with new technologies, these basic measures continue to provide the essential framework for effectively protecting organizational data.

“Cybersecurity is a cat-and-mouse game between the folks trying to protect the data and the folks trying to get at the data.” ~ Bill Brunt

Innovation and Comprehensive Solutions

Brunt stressed the importance of pursuing innovative and comprehensive solutions in data security. He described cybersecurity as a continual challenge, likening it to a cat-and-mouse game between defenders and attackers. Leveraging the latest technological advancements is essential to avoid potential threats and effectively protect data. This proactive approach is vital to maintaining robust and effective data protection strategies.

Leveraging Microsoft Security Capabilities

Brunt also discussed how Microsoft’s security features are extensively utilized across various organizations, detailing their approach of combining these capabilities with specific frameworks and industry regulations to enhance data protection. By integrating Microsoft’s robust security solutions with other technologies, organizations can more effectively refine and manage their data security strategies, ensuring a comprehensive approach to safeguarding sensitive information. 

Votiro’s Approach to Navigating Data Security

“We are focused on offering a zero-trust approach to safeguarding data anywhere it’s used, looking at a unified way of both threats and privacy risks to the data.” ~ Ravi Srinivasan

“Votiro breaks it down into these component parts and examines it in a much more intelligent fashion” ~ Bill Brunt

Zero Trust and Data Detection & Response

Ravi Srinivasan described Votiro’s commitment to a zero-trust methodology for protecting data, emphasizing their strategy of uniformly addressing threats and privacy risks across all data usage points. This approach underscores Votiro’s emphasis on comprehensive data security measures. Additionally, their data detection and response (DDR) capabilities equip organizations to effectively tackle a broad spectrum of data security challenges, ensuring thorough protection in diverse environments.

File Type Expertise and Intelligent Examination

Brunt praised Votiro’s expertise in file types and their intelligent approach to examining and filtering data. “Votiro breaks it down into these component parts and examines it in a much more intelligent fashion,” he noted. This method reduces false positives and ensures that only safe, necessary information is passed through to users.

During the webinar, the leaders shared practical strategies, innovative solutions, and firsthand experiences. Watching the full session is highly recommended for those seeking to enhance their understanding and capabilities in data security.

We hope you’ll share this article and the webinar link with colleagues and professionals in your industry to help raise awareness and promote best practices in data security.  
