The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1150262
40 perspective and to start baking capabilities into new systems development to support those regulations. Raise the criticality of this imperative to management and gain an organization high-ground by educating all key stakeholders on the impact these regulations will bring. Look to the Cloud The advanced cloud environments bring significant, credible ways to address security, regulatory compliance and application rejuvenation. These capabilities are advancing faster than industry IT pendants can even come up with meaningful names for them. For example, Gartner Group has the name "hpaPaaS" which stand for High Performance Application Platform as a Service. Others refer to "No Code" or "Low Code" cloud environments. These environments provide remarkable abilities that can address the issues of virtually all organizations completely or to some degree. These include: • Highly secure and available environments resulting in the ability to maintain delivery of business value. • Enterprise security model enforced across all applications including mobile, portals, and integration end- points. • Built-in application development, execution and runtime environments with a declarative "clicks not code" development approach speeding compliant application creation. • Certified compliance with many global regulatory bodies eliminating need to self-certify across multiple domains. • Self-documenting and current data flows, work flows, data diagrams and other application artifacts not typically available for in-house applications for compliance, reporting and application maintenance. • Built-in functions to act as a data controller or data processor for an application processing PII reducing development time. • Backup tools that track PII for extraction, reporting and deletion of PII across backups. • Event monitoring to know when specific data is accessed (such as PII) monitor and establish user data usage patterns, detect anomalies to these patterns and integrate with alerting systems ensuring compliance and detecting possible breaches. • Built-in portals for Data Subject management of PII. • Built-in mobile support with MDM. • Access anywhere and anytime. Summary There is a cybersecurity imperative in the U.S. and across the globe. Just as the ingenuity of criminals and terrorists has forced the airline industry to implement increasingly strict safety regulations and precautions for air travelers, cyber criminals are forcing the hand of regulators and IT departments to implement highly secure data systems, and organizations at large to be diligent at all times when handling sensitive data. While the task is challenging and ever-evolving, there are viable pathways to establishing and maintaining highly secure organizational IT infrastructures. ILTA S E E K H E L P Never in the history of IT cyber security has there been such a wealth of resources available to help your organization be successful with securing your infrastructure, applications, systems and personnel. Take advantage of the information troves that can be easily found on the Internet. It is important to note that your first step might be to hire a security expert at staff or management level to carry out your security initiates. There are now recruitment agencies that focus solely on cyber security expert recruitment and retained searches. Below are some sample sites to get started. National Institute of Standards and Technology (NIST) Provides information Technology and IT Security and it publishes guides and standards from a security perspective that provide a wealth of information. The Computer Security Resource Center (CSRC) provides detailed articles that describe security best practices and they also provide security assessment tools. Computer Security Resource Center: https:// csrc.nist.gov/ Department of Homeland Security National Cybersecurity and Communications Integration Center provides detailed alerts on cyber vulnerabilities across a wide array of hardware, software as well as prevailing cyber threats: https://www.us-cert.gov/ The Sys-Admin Audit Network and Security (SANS) Institute provides a wealth of informational blogs, security expert webcasts, and for-profit training. https://www.sans.org/ security-resources/blogs Cybrary is an IT Security education sites and is one of the best on the Internet today. It contains full-length college course videos that cover basic networking, training for certifications, how to code securely, penetration testing and all things security related and the content is free. https://www. cybrary.it/