The Export Administration Regulations (EAR) are a set of regulations administered by the U.S. Department of Commerce to control the export of certain goods and technologies from the United States for reasons of national security and foreign policy. Here is a breakdown of the essentials your organization should know for proper compliance. The Export Administration Regulations (EAR) Explained In...

An Introduction to FedRAMP In late 2011, the Office of Management and Budget under the Obama Administration released a memorandum that introduced the Federal Risk and Authorization Management Program (FedRAMP), noting that “[in the two years prior], the Administration worked in close collaboration with the National Institute of Standards and Technology (NIST) , the General Services Administration...

What Is ISO 27001? Everything You Need To Know About ISO 27001:2022 ISO 27001, also known as ISO/IEC 27001, is a widely recognized international standard that defines best practices for implementing and managing information security for an Information Security Management System, or ISMS. The risk-based standard was published by a joint technical committee comprised of the International...

Editor’s Note: This blog post was co-authored by Clayton Barnard, Senior Director, Global Alliances at Lookout, and Corey Markell, Associate Director, Strategic Resource Group at Fortra. The first steps for any organization in creating a data security strategy are accurately identifying all of their sensitive information and securing that data from unauthorized access, regardless of where it...

To implement or not to implement? That is the question when evaluating a new technology solution for your organization. Complicating the often daunting decision are the preconceived notions held at various organizational levels as to whether the solution is necessary, or more trouble than it’s worth. This can become especially problematic when misinformed thinking is the reason an organization...

Trust is one of the most important aspects of business, especially when it comes to the collection and use of people’s personal data. As consumers advocate for organizations to take more precautions in handling their personal data, legislative bodies are listening, and more data privacy regulations are being passed globally each year. Being proactive in complying with, or better yet, staying ahead...

When you see or hear the term “data breach” in the media, is the first thought that there must have been a hacker involved? It may surprise you to know that hackers aren’t the main cause of data loss and data breaches within organizations. Most can be attributed to insider threats, mainly by employees just trying to do their job who make a negligent error, such as sending an email to the wrong...

The GDPR in Europe was one of the first major data privacy regulations to be implemented in recent times, followed closely by the CCPA in the United States. And since its enforcement, GDPR has been seen as the “gold standard” when it comes to data protection regulations. However, it is important to remember that each data privacy regulation has differences in areas such as what and who is...

Hardly a day goes by without a media report about a data breach that involves exposed personally identifiable information (PII). In the same way an organization takes care of its employees, customers, and finances, it also needs to ensure its sensitive data, such as PII, is well protected. Let’s explore what constitutes as PII, the consequences of it being exposed, and what organizations can do to...

Cloud-based work environments are both convenient and cost-effective, especially in today’s remote world, but can present a challenge when it comes to meeting both regulatory compliance requirements and ensuring the protection of sensitive data. In order to maintain the protection of sensitive data when moving to and from the cloud , a consistent data-centric protection approach is critical. Let’s...

At first glance, it appears that data classification and Zero Trust , a cybersecurity framework, would have nothing to do with one another. After all, each has its own separate specialized function – data classification labels data based on sensitivity, and Zero Trust is meant to keep unauthorized users from gaining access to company systems and data. However, much like our environmental ecosystem...

Data privacy regulations have really come into play over the last four years. Consumers are becoming more concerned about the disclosure and use of their data and trust is playing a key role. According to a survey conducted by Salesforce , 48% of consumers said they had lost trust in brands during the pandemic due to misuse of personal information. As the world becomes more technology driven and...

It’s no surprise to anyone that the amount of data that exists is rapidly growing. A report by IDC predicts that by 2025, the global datasphere will have grown to 175 zettabyes. To put in perspective how much data this truly is, one zettabyte is equal to one trillion gigabytes – that is an astronomical amount of data. Needless to say, humans are not equipped to manually keep up with ensuring this...

Enza Iannopollo, principal analyst at Forrester, recently answered some of the pressing questions we’ve received when it comes to data security, and more importantly building the foundations of your data security strategy. Today we’re looking at what Enza had to say when it comes to implementing DLP and data classification, and if one should come before the other. Q: Is there an order in which we...

The primary reason most organizations look at classifying the data they create and handle is to control access to sensitive information, driven by the need to manage security risk, and comply with data protection regulations such as GDPR , CCPA , ITAR , and more. All organizations have to comply with the rules of their industry bodies, as well as the nation states they operate in. Achieving...

The data protection landscape and its associated compliance environment changed fundamentally with the implementation of the European-wide GDPR in May 2018, with many other privacy regulations following suit around the globe. It is no longer about what organizations think they need to be doing in order to control their data, but that they are being told what they need to do by regulators such as...

On Wednesday May 12, the Biden administration took a critical step towards addressing security issues that have come to light after several recent, high profile cyberattacks. The extensive Executive Order (EO) described the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's digital infrastructure against the type of attack...

Aligning Data Security with Organizational Strategy The responsibility for an organization’s information and data security is a hefty one, knowing each day that it’s not a matter of whether a cybersecurity attack will happen, but rather when it will happen on your watch. Whether data is grabbed in a headline-making breach of a well-known entity, or simple human error upends your operation, the...

What is Data Security? Generally, data security is described as all that surrounds the protection of digital data from destructive forces or unwanted actions of unauthorized users, such as from a cyberattack or data breach. By this overarching definition, the one thing data security is not is a singular software solution that claims to “do it all.” Rather, data security is a mindset and a...