In an interview with Tufin Technologies at InfoSecurity Europe
Christopher Graham warns organisations that play loose with
customer data will not only face his wrath but also that of the
London (UK), June 12, 2012 - Tufin
Technologies, the leading provider of Security Policy Management,
today published an interview it had with the UK Information
Commissioner, Christopher Graham, during London's Infosecurity
Europe last month. In it, the thorny subject of compliance is
discussed, with Mr Graham revealing that he believes compliance is not
just about preventing data loss but also demonstrating respect for
customers. He argues that, if you don't care about your customers,
you're going to lose business very fast.
Talking to Michael Hamelin, Chief Security Architect for Tufin,
Mr Graham warns, "If you don't show respect, then you're going to
trash your brand very quickly and there's a whole range of
regulators out there to get you. Here in the UK I can levy
penalties of up to £500K if you get things spectacularly wrong. I'm
not suggesting it's the first concern, but it should make the CEO
sit up and take notice."
A key theme of the discussion is that the information
organisations hold is very valuable to them, but it shouldn't be
forgotten that it's also very valuable to the individuals that have
given it. Business logic dictates that data is to be exploited;
however, this also means protecting it. Mr Graham adds, "The
customer is getting quite savvy about this and they'll work out who
respects them and who doesn't. If you're one of the ones that
doesn't respect your customers, you'll lose them."
Looking at the task of protecting data and compliance with
legislation, Mr Graham advises, "This isn't about just ticking
boxes. It's about making sure that your systems work, day in day
out. There's no good saying that you had the audit a year ago and
passed, so that's fine - that's ticking the box. I'm talking about
eternal vigilance. Things can go wrong, and things do go wrong
because of the human factor, unless you take things seriously. It's
a daily task."
Both Mr Graham and Mr Hamelin agree that Continuous Compliance
is the key. Even a few minutes after an audit, if a change is made,
it could mean systems are no longer compliant. Organisations need
to look at their position every day, and also make sure that every
change remains within the guidelines of staying compliant and
ultimately respecting the customer. Michael Hamelin adds, "In a
survey conducted from our booth during InfoSecurity Europe last
month amongst IT professionals, we discovered that only six percent
had implemented Continuous Compliance in response to the EU
directive with a further 39% considering it. In my opinion, while
this is obviously encouraging, it still isn't enough."
So, be warned: the ICO is watching, and Mr Graham forewarns, "If
what you do involves people's personal information, and you play
fast and loose with it, you will not be forgiven."
To watch the full video visit http://youtu.be/D2rj2FPgwSQ.
About Tufin Technologies
Tufin™ is the leading provider of Security Policy Management
solutions that enable companies to cost-effectively manage their
firewall, switch and router policies, reduce security and business
continuity risks, and ensure Continuous Compliance with regulatory
standards. The award-winning Tufin Security Suite provides security
teams with powerful automation that slashes the time and costs
spent managing change and successfully passing audits. Founded in
2005, Tufin serves more than 900 customers in industries from
telecom and financial services to energy, transportation and
pharmaceuticals. Tufin partners with leading vendors including
Check Point, Cisco, Juniper Networks, Palo Alto Networks, Fortinet,
F5, Blue Coat, McAfee and BMC Software, and is known for
technological innovation and dedicated customer service.
For more information visit www.tufin.com, or follow Tufin