Many facets of internet privacy must come together to provide the best possible protection for users, and it all starts with each application and platform doing its part. According to Curtis Simpson, chief information security officer at the cybersecurity platform provider Armis, the way organizations protect their users comes down to what kind of data the user is providing.
Understanding user data is the first step to proving strong privacy and security, Simpson said. “We’ve got to be looking at what personal information is flowing through our environment unprotected,” Simpson explained. “Gaining visibility to that clear tech data that are linked to the landscape and first and foremost understanding that.”
Suppose applications and platforms that users rely on for protection understand the kind of personal data they are entrusted to protect. In that case, it will make it exponentially more accessible for them to do so. Simpson, though, cautioned: “Unfortunately, in most environments we see, a lot of that data is not encrypted. It’s flowing through networks, going outside of the company, and can be intercepted and stolen by anyone,” he said. This can be a scary thought for many users. It is not uncommon to browse the internet, assuming a certain level of anonymity will be provided. That is why it is so essential for organizations to take crucial steps to grant users protection.
However, understanding data goes deeper than encryption. Simpson said there are many levels to personal user data, and platforms should strive to have a clear picture of all of them. “What we should be doing from there is taking a step back and looking at things like where is this data coming from? Who is it being shared with? And taking action,” he began.
Simpson explained that an excellent way to learn these things is for organizations to create data flow maps. These maps provide a physical representation of how data is created, who starts it, where it goes, and who needs access to it, making it easier for companies to protect their users more securely. “We’ve got to do that legwork because what we have to do is set a standard, monitor the standard, and continue to build controls around the standard,” Simpson explains.