Road Trip or Road Rash? Compliance, Meet Security

I’ve been on the road a lot lately. Literally, I’ve been in the car, traveling along every kind of road, alongside virtually every type of vehicle you can imagine. And I sometimes found myself noticing things about the people who were driving all those cars, trucks and motorcycles. The motorcyclists were the ones I found most interesting, but not for the reasons you may be thinking.

I noticed that while some bikers rode with the bare minimum of physical protection, others wore full helmets and visors, with heavy leather gloves, boots and jackets. And some bikes looked like they rode right out of a 1960s movie. No fenders, windshields or visible crash protection. Meanwhile, others had all that gear and then some.

But while those minimalist riders may actually be fully compliant with today’s regulations, it’s clear that they’re not doing everything they can to protect themselves.

That got me thinking about what it really means to be compliant, whether you’re cruising down the road on two wheels or trying to ensure that your business is compliant with all the applicable laws regarding data security and privacy. Yes, it’s hard for me to keep my mind off work, even when I’m not in the office.

IBM Experts to Discuss Compliance and Security at Think 2018

What’s more, we’ll be exploring the challenges of connecting compliance and security at IBM Think 2018 on March 19–22. So I’d like to walk you through some of the ways we’ll help our clients prepare for new regulatory mandates, including the General Data Protection Regulation (GDPR). And we’ll discuss the challenges of working toward both compliance and protection as you extend your security program to cloud, mobile or a new customer base.

For a view of the big picture, I’ll be offering a session on automating and enforcing continuous security compliance. We’ll examine the core compliance challenges facing enterprises today, key issues impacting the landscape, best organizational practices for helping to adapt to these changes and how you can leverage technologies across the IBM Security immune system to address your compliance needs.

In another far-reaching session, “From ‘No’ to ‘Know’: Privacy Meets Innovation,” Grace Murphy and Leslie Wiggins will explore key trends impacting the data privacy landscape today and provide several recommendations for how businesses can address their growing need for implementing comprehensive data privacy programs without sacrificing innovation — by leveraging the IBM Security Guardium portfolio of data security solutions.

Helping Organizations Achieve GDPR Readiness

Moving on to the topic of GDPR, David Jarvis, security and CIO lead, IBM Institute for Business Value, will join me for a Think Tank presentation: “Get GDPR-Ready—Because Data Protection Is About to Get Personal.” When GDPR takes effect on May 25, 2018, it will impact organizations conducting business with individuals in the European Union (EU) — consumers, employees and business contacts alike. As of that date, you’ll be expected to be ready to meet new, uniform data protection regulations relating to the information of EU subjects. And if you aren’t yet ready, you could potentially face hefty fines and other penalties. We’ll walk you through the details of the IBM Security GDPR framework, developed to help our clients achieve GDPR readiness.

I’ll also be participating in a GDPR-focused panel discussion with David Jarvis: “The Transformative Power of GDPR for People and Business.” We’ll explore how GDPR is transforming organizations today and how it will do so in the future. We’ll discuss how GDPR can deeply change organizations — improving security and privacy, creating more engaged customers and driving better data strategies. And David will spotlight the latest research from the IBM Institute for Business Value.

Don’t miss my GDPR deep dive: “GDPR Security-Focused Show and Tell: Tools and Techniques to Help Your GDPR Program.” GDPR applies to most organizations conducting business with the EU, even if they’re not located on EU soil. And enforcement begins in less than 90 days. Are you ready? I’ll be sharing a “show and tell” focused on security and based on client experiences around the world. And I’ll fill you in on the IBM GDPR Framework — a methodology that identifies GDPR-specific activities and deliverables to help you on your journey. You’ll learn how it can help you get there more efficiently, whether you’re drowning in spreadsheets, tired of scanning for personal data, struggling to figure out how to automate data subject rights and produce audit trails, or trying to determine which controls to implement or how to measure your progress.

And for an important discussion of solutions designed to help you meet compliance mandates, there’s this: “New Capabilities of IBM BigFix Compliance: What They Mean for You.” I-Lung Kao and Dan Montgomery will provide details on two new capabilities of IBM BigFix Compliance — a powerful solution used by IT operations teams to monitor endpoint configuration compliance based on industry. First, there’s policy management, which lets a security team effectively create and customize an endpoint security policy to harden an organization’s security posture or meet regulatory compliance requirements. In addition, vulnerability posture reporting allows security and compliance teams to get the current status and details of vulnerabilities impacting endpoints.

Of course, that’s just a small sampling of what you’ll find at Think 2018 later this month. I really hope to see you there. And please let me know if you arrive by motorcycle. I may have a few questions for you.

Watch the full session from Think 2018: Automate and Enforce Continuous Security Compliance

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

Cindy Compert

CTO Data Security and Privacy, IBM Security

Cindy is a technical visionary driven by wanting to make a difference around the world, advancing the health, safety,...