In the past year, we’ve had extensive conversations with dozens of our customers and partners from various industries. Here are the top three trends we’ve gathered based on what they’ve seen:
1) Mo’ vendors, mo’ data (and mo’ problems)
We figured music legend Christopher Wallace’s paraphrased saying is an apt description of the heightened expectations around safeguarding customer data and privacy, especially with the California Consumer Privacy Act (CCPA) in effect as of a few days ago. While the regulation targets large companies (e.g. those with annual gross revenue of at least $25 million), its mandates reach smaller companies as well: a covered business must hold its vendors and partners to the Act’s requirements for handling sensitive data, so those requirements flow down to the service providers that touch that data.
Now more than ever, you need to periodically audit and monitor your vendors’ and partners’ security and privacy practices. If they haven’t already, your vendors and partners should provide evidence of their data protection and privacy safeguards. They should also share independent attestations of the security of their systems, controls, and policies, such as a SOC 2 report and/or an ISO 27001 certificate, rather than a self-declaration alone.
2) Security and compliance is everyone’s responsibility
Given the much greater emphasis on data and privacy protection from both consumers and regulators (thanks to Target, Equifax, Marriott, and all the organizations who couldn’t be bothered to beef up their security practices), we see this year as the start of the “no excuses” approach to security: organizations will increasingly require that anyone looking to do business with them walk the proverbial security walk.
What does that mean for you and your org?
3) Leverage the right people, process and technology (PPT) fit for your org’s needs
For SMBs like our customers, enterprise-grade security and compliance tools are no longer out of reach (or overkill, for that matter). From what our customers and partners have seen since 2017, security and compliance software for SMBs has proliferated, with offerings that address everything from intrusion detection to continuous vulnerability and compliance scanning. A tool is only as effective as the people assigned to operate it and the processes built around it, so making sure the right people own each tool and that well-thought-out processes support them will make adoption that much easier.
That’s why it’s even more important for you to do thorough due diligence on any compliance tool you’re evaluating, from both a risk assessment and an org fit standpoint. Why?