Ever since EU lawmakers enacted the bloc’s groundbreaking General Data Protection Regulation (GDPR) framework in May 2018, data privacy laws have sparked conversations among IT and security professionals (as well as consumers) over how organizations can best secure and store users’ data.
The ongoing debate over users’ data privacy is only expected to intensify in 2022, as a number of U.S. states, along with federal lawmakers from both parties in Congress, consider a raft of privacy and consumer protection laws designed to safeguard personal data.
This greater emphasis on data privacy and protection also has meant that IT and security professionals have started to change their approach. Businesses and other organizations can face significant fines and other sanctions if there is a breach or misuse of the personal data they collect from users.
Consider how developers must now think about the security of their applications to ensure that users’ data is protected. “A major part of data privacy is safeguarding the data. And when it comes to safeguarding data, we feel organizations should operate from a very simple paradigm: identify all the threats and then mitigate them,” Archie Agarwal, founder and CEO of security firm ThreatModeler, recently told Dice.
“Safeguarding data means different things to different organizations,” Agarwal added. “But for those involved in developing software systems, we feel strongly that the best way to identify all the threats and mitigate them is by incorporating threat modeling right into their development lifecycle. It’s the most effective way to identify threats prior to deployment, which is obviously preferable.”