Speakers
Synopsis
Before a business asks itself ‘what controls do I need to implement to comply with regulation?’, it needs to ask itself ‘how can I shrink the surface area of my business that is subject to regulation?’ and ‘can I do the same thing in a different way, to end up with a lower security hurdle?’.
After close to a decade of banging the "data backburning" drum, the idea is finally getting traction, and organisations across Australia are now recognising the dangers of data sprawl and of holding excess data - particularly Personally Identifiable Information. If you don't store the data, you don't have to pay to secure it. Many organisations miscalculated the cost of the security required to hold sensitive data, and the potential costs of a breach. That is now recalibrating, but it is just the beginning: this data cleansing is just step one in a much broader sea of opportunities for reducing an organisation's threat surface.
This presentation will look at the decisions and actions organisations can take to improve their security posture not by adding controls, but by removing things... removing fields from data sets, removing entire data sets from the business, removing business lines, removing operating markets and so on.
This may sound counter-intuitive coming from a security professional, but many companies would be better off avoiding security requirements, rather than implementing more security.
The simplest example almost all businesses and security professionals can relate to is credit card processing. As PCI DSS raised the cost of holding payment card data, companies stopped handling the data themselves and outsourced processing to third parties. So rather than improve security, they avoided the security requirements.
We are starting to see this more and more: companies changing the way they operate, to reduce their security burden. Outsourcing is part of it, but in some cases, businesses are looking seriously at changing the fundamental parameters of their business - the services they offer, who they offer them to, and how they offer them - in order to manage their security burden.
So what are the key areas of opportunity? How can a business "shrink its way to security"? That is what this presentation will discuss. Return on Investment will be demonstrated, and specific examples of Australian and international businesses will be used to bring the topic to life.