How has GDPR and CCPA changed your use or procurement cybersecurity tools?

ArchitectureStrategy
2.1k viewscircle icon1 Upvotecircle icon3 Comments
Sort by:
CEO in Services (non-Government)5 years ago

Really not much. I think the only change I see is a few more questions asking vendors if they are GDPR compliant etc.

CIO in Education5 years ago

Interesting question. I think it’s actually had a greater impact on overall procurement instead of anything specific within cyber security. The method is which we purchase all software and hardware services is being evaluated more thoroughly through a security, privacy and compliance lens. Some of that is because of GDPR/CCPA. Some of that is also because of the pandemic.

Board Member, Advisor, Executive Coach in Software5 years ago

Not much directly but in some situations avoiding an agent, a plugin, or something that requires a cookie will mitigate privacy risks.  Many security technologies in how they are architected, deployed, and how the vendor gathers and shares information actually is generating a substantial amount of privacy risk

Lightbulb on1

Content you might like

How are you incorporating regulatory uncertainty and policy changes into your technology roadmaps? What contingency planning approaches have proven most effective for your organization?

Read More Comments

What’s the number-1 factor you consider when deciding whether a new tool is worth purchasing?

Budget allocation12%

Potential process improvements69%

Onboarding & training bandwidth8%

Security & compliance8%

Reviewing prior purchase overlap1%

View Results

Data Analytics-as-a-Service (DAaaS) is a cloud-based delivery model for data analytics & AI.  What do you see as the most important enabler for you to adopt DAaaS for your business?

Ease of getting my data into the DAaaS platform9%

Tools that make it easy to create use cases with the DAaaS platform41%

A pre-existing library of dashboards and report templates to help me quickly get up-and-running32%

The ability to try out the DAaaS platform for free before buying10%

Services from the DAaaS vendor (consulting, support, training)3%

Confidence that my data is safe in the cloud2%

View Results

What methodologies are you using to evaluate trade-offs between emerging opportunities and essential infrastructure modernization? Can you share examples of how you've prioritized competing demands?

Read More Comments

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.

Read More Comments