Business Day (Nigeria)

New laws on data privacy and security are coming. Is your company ready?

- ANDREW BURT

Companies today are often not equipped to sell secure software, because they are not incentiviz­ed to do so, and because consumers are in no position to demand it. But this market failure won’t last long.

Government­s are in the process of passing new laws to ensure higher standards for software security and data privacy. The era in which tech companies inadequate­ly test their software for security and privacy vulnerabil­ities is coming to an end. Last year, for example, California became the first U.S. state to enact basic standards for software used in the “internet of things.” And various pro

shouldn’t wait to take action. To start with, they should not only gauge their level of security in terms of the patches they install or the incidents they respond to, but also consider the labor-intensive, ongoing processes they devote to preventing privacy and security vulnerabil­ities. That means that the time devoted to testing software and maintainin­g it once it is deployed will become central metrics in securing enterprise data.

Companies that create and deploy software can ready themselves by adopting two additional strategies.

First, they must focus on embedding security processes into the software design and deployment life cycle as early and as often as possible. Companies that purchase software should continuous­ly track their attack surface and ensure that the teams appointed to simulate attackers are actively probing company networks and testing security readiness.

Second, companies need to connect the resources they spend on privacy and security to the volume and complexity of the code they seek to protect. As the number of lines of code in any given software system grows, or as its user base expands, organizati­ons will have to increase their efforts to protect the privacy and security of their customers.

Soon, a less than robust software security strategy will become more than a public relations liability; it will become a serious legal vulnerabil­ity. It’s best to be prepared.

officerand­legalengin­eeratimmut­a.

?? ?? posed state laws around the country would raise the penalties for privacy or security failures. Similar efforts are ongoing around the world, from India to Brazil. Software companies and their corporate customers
posed state laws around the country would raise the penalties for privacy or security failures. Similar efforts are ongoing around the world, from India to Brazil. Software companies and their corporate customers

Newspapers in English

Newspapers from Nigeria