One of a CISO’s primary responsibilities is to protect their company’s important digital assets, which can include corporate intellectual property such as proprietary source code and other patented technology or confidential information. However, because of emerging privacy and regulatory laws and standards, CISOs and data protection officers now also need to protect user data—personally identifiable information (PII), personal health information (PHI), and payment card industry (PCI) data.
These new privacy laws are increasing the restrictions on the use, retention, and geographic residency of user data. This requires many organizations to protect this data and its use both internally and with third-party vendors that handle this data. CISOs need to work with their colleagues in data protection, privacy protection, IT infrastructure, compliance, and software development to ensure compliance with these data protection and privacy laws, standards, and guidelines. In addition, the emergence and adoption of hybrid clouds and multicloud services create new challenges for data security. Other factors—the geographic origin of data, storage location, and user access location points—further complicate what service providers and major cloud infrastructure providers need to do to secure their data.