By Gee Rittenhouse
CEO, Skyhigh Security


Four years ago, a milestone was achieved with the introduction of the General Data Protection Regulation (GDPR). This was a major step forward for both privacy as well as data security. With today’s anniversary, it is a good opportunity to remind ourselves of the importance of data protection and the processes we can take to be one step ahead.

The law states that businesses must handle data securely by implementing “appropriate technical and organisational measures”. One-way organizations can comply with this regulation, is by ensuring the implementation of multi-factor authentication. Simply having a username and password is no longer enough; we need to move beyond this to adopt a more secure approach to user verification.

Once a user has verified themself, they must only have the minimum level of access necessary for their day-to-day business. This is the foundation for a Zero Trust framework. Organizations should adopt this framework across their entire enterprise. However, we can do better. Most Zero Trust frameworks focus on data access, but an organization would do well to extend this beyond access to data usage.

By putting these security measures in place, organisations are not only complying with GDPR but are using techniques that are well suited for today’s hybrid workforce where users want access to data from anywhere, on any device, and on any platform.

Learn more about Skyhigh Security’s Zero-Trust approach.