By PrivSec Report2020-05-12T13:34:00
Implementing data protection is an ambiguous area of responsibility for too many organizations, and well-meaning truisms like “Security is everybody’s job” do not help the situation.
Implementing data protection is an ambiguous area of responsibility for too many organizations, and well-meaning truisms like “Security is everybody’s job” do not help the situation.
Long experience in the field across different industries confirms this, whether the businesses in question create software for external customers or only for internal use.
Given the lack of clarity about who is ultimately responsible for data protection, it is no wonder that so few organizations empower a specific functional team to effectively address this issue.
The result is that data security and governance too often fall between the cracks, not truly belonging under the CTO, the CIO, business units, or even the CISO or the compliance team.
There is an answer to this dilemma: put the responsibility for data protection in the hands of the application owners who create or manage the applications that use the data, and empower them - and the development teams that work with them - accordingly.
Site powered by Webvision Cloud