Last week, the EU Court of Justice annulled the KNOWLEDGE Cover Shield agreement between the EU and the US. The agreement was the mechanism through which U.S. corporations can simply process and use privacy-related knowledge from a similar resolution in 2015 on the old safe harbor mechanism. The implications are broad and far-reaching, and corporations of all kinds will have difficulty demonstrating compliance with popular contractual clauses, or CCS, which can be used in contracts to ensure that privacy knowledge is processed correctly. This is particularly complicated because many organizations have turned to software as a service and the knowledge centers that support it. The question now is how CIOs and RSSIs exercise their knowledge autonomy and seamlessly identify which providers can arrive early enough to avoid fines compared to those they can’t. That is, which ones operate under the provision of confidentiality from conception and which do not.
One term we will hear a great deal is sovereignty of knowledge, the precept that knowledge will have to remain in national or even regional physical jurisdiction to be sure that the legislation and practices of this region are the highest authority. This is very similar, but not the same, to the autonomy of knowledge, which to put it simply is a matter of authority and control over knowledge: you where you deserve to be, how it deserves to be used, who deserves to see it, how to solve it. and how to make sure your policies are executed the way you need them. There is an overlap between the two ideas, but it is not 100%.
CSC are not just words to fulfill a contract. These are measures to be reflected in technical architectures and business practices. Companies should be able to technically make some autonomy of knowledge and then perform certain sound business practices such as the following use of knowledge, processing claims and declarations of intent. Of the two, the first is the most complicated if knowledge structures, applications, storage, usage instances, and other interactions with knowledge are not personal through design.
On the other hand, the conversion of business processes is much simpler. Hiring other people in the right places, creating policies, and implementing operations are human efforts and can take place in a matter of weeks. Changing the architecture takes years, and adding it overdue in the game can result in a degradation of functionality, availability issues, feature limitations, and claims that are difficult to perform and difficult to verify. Audits will be especially painful when things happen at their own pace.
After examining knowledge internally, discussion in convention halls deserves to compare the knowledge of employees, consumers, and partners in non-organizational third-party knowledge centers. Do you know where he is and you can tell what’s wrong with him and him?
And then it’s time for tough conversations. Providers will need to provide for CSC compliance, and caution symptoms will be a mischising what is needed, claims that big data or device learning (or even AI) require sharing knowledge (which is not the case) or attempts to redefine knowledge. In the end, there will be many excuses; However, now is the time to ensure that you have the autonomy of knowledge and that you can apply the sovereignty of knowledge. Privacy restrictions and regulations will be increased, and any provider in any box that cannot give a schedule will be increased to know how and when it will turn out that this is not proven in terms of confidentiality.
Data is not a right of possession; it’s a privilege to interact with him. The European style will begin to influence more, and even if we get a Knowledge Coverage Shield 2.0 (Safe Harbor 3.0?), It will only give a transient respite to it and security service providers who collect giant amounts of knowledge. It is also a wake-up call to ensure that knowledge is used for the purposes for which it is collected and not for behind-the-scenes business styles. The privacy revolution is underway and recent EU decisions are not the end of the book, but the end of a first bankruptcy of a longer story. Let’s do all the paints to integrate personal design into everything we do, especially in a world of paintings from anywhere with more and more cloud installations and third-party knowledge centers used.
Sam Curry is CSO in Cybereason. He is a security visionary and opinion leader and has been interviewed through dozens of journalists, has published articles and spoken in
Sam Curry is CSO in Cybereason. He is a security visionary and an opinion leader and has been interviewed through dozens of journalists, has published articles and spoken in the media about security trends, threats and the “cyber” effect on all of us. Previously, Sam was CTO and RSSI for Arbor Networks (NetScout) and was CSO and SVP studies at Microstrategy, as well as senior security positions at McAfee and CA. He spent 7 years at RSA (EMC’s security division, where he was a prominent engineer and associate candidate) as chief operating officer, leadership generation director, and senior vice president of products. Sam also holds 24 security patents since his time as a security architect, has been a leader in two successful startups, and is a board member of Cybersafety Coalition, SSH Communications and Sequitur Labs (in the IoT security area), as well as several sending advisors across the security spectrum.