No More Pointing Fingers
In the old days – circa any time prior to May 2018 – companies got away with pointing fingers are third-party providers in order to avoid financial penalties in response to privacy hacks. Despite not having anything in place to properly protect consumer information, these large enterprises rarely felt any pain as they passed responsibility on to a litany of subcontractors.
Those subcontractors also avoided the pain by showing how they should have been used and stating that the compromised company simply did not follow best practices. As a victim, consumers rarely had anywhere to go and were helpless in the face of this cleverly constructed web of denial.
Not. Any. More.
GDPR Changes Everything
In a great article on the new GDPR laws that kick into effect in May, TechCrunch reveals that the new regulations hold everybody responsible. Unlike anything prior to these new regulations, now exploits will cost the compromised company AND their providers. With penalties up to 4% of a company’s revenue per incident, this new reality will prove to be incredibly costly very quickly.
For those companies passing the buck, they will soon get what they deserve and stop placing profits over privacy…
But what about the majority of companies that try to maintain privacy and are, themselves, victims?
A general theme that we have been touting in our more recent posts has focused on not trusting anybody and enforcing protective measures under the assumption that everybody is compromised. In this case, locking down vendors and subsidiary providers through a comprehensive communications control policy effectively overcomes anything bad trying to get in the door. Even if a subcontractor is compromised, the data being shared with that vendor can be protected through policies that are controlled by the top-level business.
Another reason Bear is so powerful is that the main company can push Bear into provider networks without a) disrupting the business operations of that vendor or b) requiring access to any other data within that vendor’s systems. The source company can change its protection at any time, tailor the dissemination of its information and, in essence, create an invisible virtual private network to enforce any compliance needs.
This approach is the future that is being molded into existence by the GDPR and, very soon, matching laws coming out of the U.S. Companies will have to start taking full responsibility or suffer severe repercussions. Bear enables this new future in as lightweight a manner as possible.