What does it take to build a secure app by design?

In an article published on SD Times, CoSoSys’s CEO and founder, Roman Foeckl, spoke about the future of data security and the impact new data protection regulations such as the EU’s General Data Protection Regulation (GDPR) will have on the application development process. More specifically, the article addresses a new data protection requirement introduced under the GDPR: from now on applications will need to be built secure by design and by default.

What this essentially means is that, while until now the level of security of an app or service was decided by the company or the development team building it, under the GDPR it will be mandatory to build the security features that protect data into the design from the first stages of the development process.

Three main options are available to companies that have to comply with this new requirement: hire developers specialized in security, train their existing staff, or use technology to solve the problem. The human-centric solutions are problematic: there is a shortage of security specialists on the job market, which means companies will struggle to fill their new vacancies. At the same time, internal training can produce mediocre results from developers who are only beginning to learn how to build security features into applications.

Technology offers the easiest option through Data Loss Prevention (DLP) APIs. Both Google and Amazon have launched APIs aimed at data protection, but for now these products can only be applied in their own environments or in the cloud. It is smaller companies like CoSoSys that, through products such as, offer more diverse implementation methods, moving beyond the cloud towards local native SDKs and Security as a Service. They also provide integration options for everything from apps to popular infrastructures, clouds and services.

DLP APIs eliminate both the need for companies to invest in additional staff or training and the man-hours needed to maintain applications’ security features. They can ensure compliance with regulations such as GDPR, GLBA, HIPAA, etc., while constantly adding new features and policies as the regulations themselves are updated or changed.

