Creating a strong privacy program means having an understanding of three things: 1) the current regulatory landscape, 2) the technology capabilities that support it and 3) the best practices that give control back to customers.

COVID-19 highlighted the maturity of the framework established by the General Data Protection Regulation (GDPR). This has made a noticeable difference to global privacy.

While it is important for organizations to start the privacy discovery process manually to get a feel for the complexity within their data, it becomes quickly evident that there is a need for automation to deliver scale.

One key success factor for a privacy program is the partnerships built with other organizational teams. Connect with your chief data officer (CDO) to understand what data is being used and how you can support them with privacy-preserving alternatives.

Privacy is deeply personal.

As you gain control over the data you process and turn it back over to consumers, compliance is no longer just a goal. It becomes part of the ethical fabric of your business.

The pressure to transform has increased during the pandemic and trust is central in doing so: Through 2023, organizations that can instill digital trust will be able to participate in 50% more ecosystems to expand revenue-generating opportunities.

Midsize enterprises face security risks from five major sources: 1) cyber criminals, 2) insiders, 3) hacktivists, 4) hackers and 5) nation/governance.

To overcome these risks, midsize security leaders need to invest in people, processes and technology.

In teams, where hiring a full-time CISO is not feasible, IT leaders can choose from alternatives such as virtual CISOs or outsourcing.

Midsize enterprises’ IT leaders need to assess the risk versus value while deploying game changing technologies such as big data security, artificial intelligence, cloud, etc.

Remote access VPN is arguably the most important tech for security and infrastructure and operations today.

With the onset of COVID-19, workers now need a VPN to ‘get into the office’.

The first step in brainstorming the best VPN technology for your organization is to define your use case along four key variables: 1) user, 2) device, 3) data and 4) location.

There is no one right approach to remote access - you have to understand the strengths and limitations of each solution.

Don’t use always-on VPN unless you absolutely have to.

For the paranoid security people, virtual desktop infrastructure (VDI) solutions are best. It prevents enterprise data from making it to devices, however poor end-user bandwidth is a caution for workers in disparate locations.

Classify the data that is important to your organization rather than trying to protect it all, and then pick the appropriate controls based on that classification.