Infrastructure - to the cloud."

[tanjimajuha20]

Evgeny Surkov admits that many companies will move the processing of personal data outside the organization: "They may reconsider activities related to personal data, primarily companies for which the processing of such data is a sideline. In this case, the option becomes the delegation of operations with data, moving them outside the organization. The result may be a greater concentration of data flows and arrays, and an increase in sales of information security bulgaria whatsapp number database services to operators of such arrays. On the other hand, companies that earn money directly on data or seriously optimize financial indicators based on it are more likely to try to build a system to counteract leaks themselves - or manage the consequences of leaks, including mechanisms for concealing and denying information about the fact of a leak."

Viktor Ryzhkov believes that clients lack modern technical solutions to ensure data security and are therefore forced to use non-core or obsolete products, which in turn leads to operational inefficiency and excessive spending of information security budgets: "The fact is that the main classes of data protection tools were formed 10-15 years ago, that is, they were created for different realities, when it was enough to solve individual problems: one product protects databases, another - file storage, and a third - masks data. However, the data infrastructure of a modern organization has evolved in recent years and has grown exponentially in volume. In the new realities, the requirements for information security tools have also changed. We increasingly hear from clients a request for a unified approach."

According to Egor Petrov, the number of companies that will ignore the implementation of protective measures will steadily decrease: "Some companies may assess the risk of hostile penetration or receiving a fine lower than the cost of the budget for the formation of a protected perimeter of the company. However, from our point of view, this is a short-term strategy that does not take into account the emergence of "black swans."

How to make regulation effective
Viktor Gulevich believes that truly effective regulatory measures must be comprehensive: “Regulatory measures that will really work include a set of measures to monitor companies’ compliance with industry data security standards, measures to promptly inform about new types of threats, and penalties.”

Maria Kurnosova sees the role of the regulator in ensuring that businesses do not collect excessive amounts of personal data: "We believe that the creation of a legal ecosystem in which PDn operators will not process information flows of data that are objectively unnecessary for business will significantly increase the security of PDn. It will also be economically beneficial for organizations to comply with such requirements - this will reduce the risk of penalties and the amount of indirect costs for information security."

Mikhail Sergeev believes that regulators should encourage companies to implement technical and organizational measures to protect personal data: "It is necessary to periodically conduct data security audits, train personnel, provide and support modern data protection software free of charge, use encryption and two-factor authentication to access data. And simply introducing turnover fines will only bankrupt many companies."