51 of our Favorite Data Protection Resources
Businesses and organizations are creating and using data at unprecedented rates. With this boom in big data comes challenges and problems in information and data protection. Previously, enterprises emphasized perimeter security over things like endpoint protection, data-centric security and data loss prevention. Now, the rise of mobility and ever-expanding security perimeters make it necessary for companies to find data protection solutions that secure data from both internal and external threats, placing the focus on sensitive data as it travels within and outside of enterprise networks.
The ever-changing landscape of data protection has resulted in a tremendous amount of knowledge sharing and thought leadership from technology experts, industry analysts, consulting firms, privacy lawyers, and others with a vested interest in data security and protection. These experts share their knowledge and advice in a wide range of formats, including blogs, white papers, videos, webinars, guides, and other online resources. With the sheer quantity of information and resources available online today, it can be difficult to sort through it all to find the most trusted and experienced sources that provide accurate insights and educated perspectives on relevant data protection challenges facing modern enterprises.
So, we've compiled a list of 51 useful data protection resources to help you secure your data and feel more at ease about your company's valuable information. Our list includes reports from leading industry analysts, surveys, data protection blogs, white papers, videos, and more. The following 51 resources aren't listed in any particular order, other than by category. This list is not intended to imply that the resources included here are the best or only resources on the topic; rather, these are 51 data protection resources we think are worth a look, from analyst reports worth reading (or re-reading) to resource portals worth adding to your bookmarks. If there's something great that's not on the list, let us know in the comments!
Table of Contents:
- White Papers, Studies, and Reports
- Slide Shows and Videos
- Handbooks, Tutorials, Guides, and Publications
The Information Commissioner's Office (ICO) upholds information rights that are in the public interest and promotes openness by public bodies but strives for individuals" data privacy. The ICO Blog focuses on those information rights issues, and especially data protection.
Three posts we like from ICO Blog:
- Changing your name and gender: the data protection implications
- A CCTV code fit for 2014 and beyond
- NHS Trust visits show positive results
The blog of Hogan Lovells, privacy attorneys and data security lawyers, Chronicle of Data Protection includes posts about consumer and financial privacy, cybersecurity and data breaches, and other topics of relevance to data protection. With the latest information on security news and trends, Chronicle of Data Protection is a useful read for those who need the most up-to-date data protection regulations and news.
Three posts we like from Chronicle of Data Protection:
- German Data Protection Authorities Issue Resolution on Connected Cars
- FTC Reminds Broadband Providers of their Data Privacy and Security Obligations
- NIH Issues Rules on Genomic Data Sharing
datonomy boasts a team of home, international, and guest bloggers to make it a well-researched data protection blog. Posts typically discuss data protection law and practice, as well as the problems and challenges associated with data protection.
Three posts we like from datonomy:
- Draft EU proposals on cyber and data breach notification: where are we now?
- New ISO Code of Practice for Public Cloud Service Providers Processing Personal Data
- First of its kind CNIL sanction against a telecoms operator for data breach: wider lessons for the supply chain?
The Data Protection Technology Blog is provided by the Guardian, which covers American and international news for its global online audience. Data Protection Technology Blog is frequently updated with the latest news and information about worldwide data protection issues and is a trustworthy resource.
Three posts we like from Data Protection Technology Blog:
- Court sets legal precedent with evidence from Fitbit health tracker
- Four arrested in UK RATs anti-spyware raid against webcam malware
- US Senator Al Franken pushes Uber for answers on privacy fiasco
Privacy Matters is written and maintained by DLA Piper's Data Protection and Privacy practice. Posts update readers about legal matters and regulations regarding data protection, plus include analysis of data protection happenings around the world.
The expert behind the IT Security Expert Blog is Dave Whitelegg, a UK-based information security expert. Whitelegg makes his blog accessible to people at all levels of technology knowledge and provides his views on IT security, privacy, and data protection.
Three posts we like from IT Security Expert Blog:
- You're so hacked, you don't even know it!
- Cloud is the New Security Perimeter
- Time to Start Preparing for the New EU Data Protection Law
As the Privacy Surgeon, Simon Davies provides "forensic insights from the world's most experienced privacy advocate." Davies analyzes issues of privacy, information security, and data protection in his informative, sometimes satirical posts.
Three posts we like from the Privacy Surgeon:
- How to complain to a Data Protection Authority - a beginner's guide
- Why I applied for Europe's top data protection job - and why you should too
- Has Europe played its dirtiest hand ever to undermine data protection reform?
Martin Hoskins is the Data Protector, and he uses his blog "to offer an irreverent approach to data protection issues." Hoskins' preference for transparency, fairness, practicality, and risk-assessment over technical principles are clear in his data protection posts.
Three posts we like from Data Protector:
- Privacy regulators resolve to try more joined-up enforcement - but why?
- What's the difference between data protection and privacy?
- New data protection accreditation framework launched
BakerHostetler is "one of the nation"s largest and most comprehensive practices in the area of data privacy and information security." Data Privacy Monitor, their blog, offers information on data privacy and information security and is a very helpful resource to organizations that handle data protection.
Three posts we like from Data Privacy Monitor:
- Will Using "Apple Pay" Keep the Data Breach Away?
- California Extends Deadline for Reporting Breaches to the CDPH from 5 to 15 Business Days
- Mobilizing on Mobile Apps: The FTC"s Comment to the CFPB Signals its Priorities
Data Protection Insights, a blog provided by Computerworld, shares the advice and insights from Peter Eicher"s more than 15 years of experience in the computer software industry. The posts cover data protection-related topics such as data backup and recovery and storage, among others.
Three posts we like from Data Protection Insights:
- Are there data squirrels in your IT department?
- Makin" copies! How many copies of data are you storing?
- Data protection and growth within budget. Possible?
Produced by Dentons" Global Privacy and Security group, Privacy and Data Security Law provides information on creating, collecting, using, destructing, and securing data for compliance, to minimize litigation risk, and to maintain usability. The blog posts provide very detailed information and advice for data protection and other related topics.
Three posts we like from Privacy and Data Security Law:
- EU Data Protection Regulation: Update
- European Data Protection Regulation: inflexible 2% turnover fines criticised
- Progress on EU data privacy reform: "irreversible"
Innovation Insights, a community blog and forum, is "dedicated to new thinking for a new era in technology." Community members post their thoughts, ideas, insights, and tips on everything from big data to supercomputers on the blog, but there is a rich discussion centered on data protection that is definitely worth a read.
Three posts we like from Innovation Insights:
- Data Protection: Creating a More Holistic Approach
- EU Emerging as Leader in Data Privacy
- Defending the Undefinable: Securing Data in a Perimeterless World
Data Protection from CSO provides readers with the latest news, analysis, opinion, and more regarding data protection. With research and how-to guides, Data Protection is a robust blog that serves everyone who is tasked with data protection.
Three posts we like from Data Protection:
- "Less" means more to malware authors targeting Linux users
- How to create seamless mobile security for employees
- 5 ways to escape password hell
Infosecurity Magazine"s Data Protection category includes information on best practices for managing data breaches, information risk management, and tools and procedures for effective data loss prevention. Information is presented in a variety of formats, including white papers, webinars, and articles.
Three resources we like from Infosecurity Magazine Data Protection:
- The Human Factor: How Attacks Exploit People as the Weakest Link in Security
- The Top 5 Data Center Threats You Need to Know
- Remote Working Policies Causing Data Breach Risk
TechTarget"s Enterprise Data Security and Privacy section is a robust collection of perspectives, news, and insights on data protection. You"ll find news stories and vendor resources, product reviews, Q&A resources, and more.
Three posts we like from TechTarget Enterprise Data Security and Privacy:
- The White House got hacked; are you next?
- Security, cloud tied as top priorities for 2015 in CIO salary survey
- Managing information security amid new threats: A guide for CIOs
The System Center: Data Protection Manager blog at TechNet covers all things related to Microsoft System Center products, in addition to general news and industry insights on data protection, security, and mobility.
Three posts we like from System Center: Data Protection Manager:
- How to achieve success with enterprise-grade mobility
- TechEd Europe 2014: Cloud integrated data protection session video
- Backup and DR sessions at TechEd North America 2014
ESG Global offers a robust collection of resources, analyst reports, surveys, and other insights related to data protection. Blogs, videos, and lab reports offer insights on the latest research in the field of data protection, as well as varied perspectives from industry analysts and thought leaders.
Three resources we like from ESG Global Data Protection Resources:
- Better Catalogs Make for Better Data Restores (video)
- Data Protection Appliances are better than PBBAs (video blog)
- Why Doesn't IT Back Up BYOD?!
The Brocade white paper "Data Protection: Understanding the Benefits of Various Data Backup and Recovery Techniques" features content about how organizations should define their recovery objectives. The paper also discusses how organizations should align their technology strategy and business requirements and is a valuable read for any company executive who makes decisions about data protection.
Three key topics we like from Brocade:
- Data recovery objectives
- Macro design decisions
- Continuous data protection and file services data protection
Digital Guardian's 5 Practical Tips to Protect Manufacturing Trade Secrets offers five key recommendations for evaluating your organization"s security program"s ability to protect your IP from cyber espionage attacks.
Three key topics from 5 Practical Tips to Protect Manufacturing Trade Secrets:
- Former DuPont CISO Larry Brock on makes the case for investment in IP protection and establishing a holistic program
- Approaches to calculating the true cost of IP theft
- Protect your IP from insider and outsider threats
Known for its technology insights, market intelligence, and advisory services, ISG is a leader in the field. ISG"s white paper, "Defining the Right Data Protection Strategy: The Nuances of Backup and Recovery Solutions," is an authoritative data protection resource from ISG"s Cindy LaChapelle, Principal Consultant.
Three key topics we like from ISG:
- Data protection strategies for critical business data
- Optimizing data protection
- Appropriate data protection solutions
Insider threats pose substantial risks to enterprise intellectual property. Dan Geer reveals strategies for mitigating the risk of insider threats in this white paper from Digital Guardian.
Three key topics from Dan Geer on How to Mitigate the Risk of Insider Threats:
- Mitigating security risk from insider threats
- The current state of insider risk and how to assess insider risk
- Most cost-effective approach for mitigating insider risk
This study, conducted by the Ponemon Institute, uncovers what executives consider to be the most important considerations in the safeguarding of sensitive information and the compliance with increasing regulatory requirements. This is the second such study focused on the awareness of CEOs and other executives about their companies" data protection efforts and the value in data protection initiatives, both in terms of economic justification and in how well these efforts support broader organizational goals.
Three key topics we like from The Business Case for Data Protection:
- The perceived value of data protection efforts
- Executive awareness of corporate data protection efforts
- Major risks to sensitive and confidential data in the cloud
Expanding mobility programs have created less-definable security perimeters for enterprises. That"s the focus of this analysis from the Ponemon Institute, which surveys 676 IT and IT security practitioners with knowledge of and/or involvement in endpoint security. The study finds that endpoint security is more difficult to manage than ever.
Three key topics we like from 2014 State of Endpoint Risk:
- The biggest threats to endpoint security
- IT security risks of greatest concern to organizations
- The most frequent types of malware incidents
This Executive Summary from the Verizon 2014 Data Breach Investigations Report reveals findings from an analysis of data from more than 50 organizations around the world and more than 63,000 security incidents. In total, 1,367 confirmed data breaches were studied, identifying nine key patterns that have contributed to more than 92 percent of data breaches within the past decade.
Three key points we like from Verizon 2014 Data Breach Investigations Report:
- The key elements involved in a data breach
- Nine incident classification patterns
- Who can you trust?
Unstructured data is one of the most substantial risks to enterprise security in the modern landscape. This white paper from Digital Guardian discusses how new approaches to security provide the most effective and proactive protection for unstructured data.
Three key topics from How to Protect Unstructured Sensitive Data:
- How to protect unstructured data to bolster your competitive advantage
- Learn where your unstructured data lives and how to provide continuous protection
- How to implement a phased data program that respects existing business processes while iteratively decreasing risk to unstructured sensitive information
Most enterprises and SMBs are aware of the potential cost of unrecoverable data on lost or stolen laptops and mobile devices, even desktops. But while mobility continues to gain momentum, most firms fail to implement adequate security measures that sufficiently address the increased risk. This IDC analyst report, available from InformationWeek, discusses why adequate endpoint protection is more critical than ever.
Three key topics we like from The Critical Need for Edge Data Protection:
- Mobility has led to complexities in data protection
- Most firms lack adequate protection, recovery policies or tools for increasing data volume
- The need to protect endpoint devices is more critical than ever
Knowing what happens when data is used or combined in a particular way is the next step in security. That"s the focus of this analyst report, offered by TITUS, providing an understanding of the shifting security requirements for data as it changes state or location throughout an enterprise.
Three key topics we like from Data Events: the next step in security:
- Business decisions can drive data events
- Data security requirements change as data changes state or location
- Proper recording and handling of data events
In the modern security landscape, the perimeter approach is no longer sufficient given the constantly shifting security perimeters of most enterprises today. A data-centric approach to security ensures that security measures travel with your data throughout the enterprise network. This analyst report from Forrester, available through Digital Guardian, discusses the advantages of the data-centric approach over more traditional perimeter-focused methodology.
Three key topics we like from Forrester Future of Data Security:
- How to implement a data-centric approach and bolster your security posture
- Learn about Forrester's Data Security and Control Framework
- Necessary steps to maximizing on the potential of big data and digital business
While endpoint protection has historically been an afterthought as mainstream backup and recovery vendors emphasize servers, endpoint data protection is now beginning to become more of a focal point for both IT security and backup/recovery services. This analyst report, available from Code42, discusses the driving forces behind this shift and the role of endpoint protection in modern security.
Three key topics we like from How BYOD is Reshaping the Endpoint Data Protection Landscape:
- BYOD and the consumerization of IT
- IT can no longer ignore sensitive data contained on mobile devices
- Data loss, centralization of data, and management of mobile data
Consumers continue to be at risk of identity theft, despite the Payment Card Industry"s (PCI) Data Security Standard (DSS). The results of this PCI DSS Compliance Survey reveal the findings of a survey across more than 500 U.S. and multinational IT security practitioners, presented by Imperva and the Ponemon Institute.
Three key topics we like from PCI DSS Compliance Survey Results:
- How to use PCI to bring about a broader, more effective security program
- Get senior management more aware of and involved in IT security using PCI
- Properly align your organization and select cost-effective strategies
Security too often focuses on systems and devices, largely ignoring data. This analyst report from TITUS reveals why data should be the focus of security and how analyzing, identifying, and defining data are the keys to effective enterprise security.
Three key topics we like from Analyzing the Chemistry of Data:
- Answering the question of what employees could do with data
- Security is too often focused on systems and devices, rather than data
- Analyzing, identifying & defining your data
This Final Sponsor Report from ESG Research, offered via CIOSummits.com, covers the modernization of data protection based on an in-depth survey of 330 IT professionals responsible for data protection solutions encompassing hardware and/or software. Mid-market and enterprise-class organizations from both North America and Europe are represented in this survey.
Three key topics we like from The Modernization of Data Protection:
- Size and Growth of Data Protection Environments
- Data Protection Challenges and Areas of Investment
- Adoption of Alternative Data Protection Technologies
IT BusinessEdge"s slide show, "Eight Steps to Enterprise Data Protection," explains eight steps for developing an enterprise data security plan. IT BusinessEdge reminds companies that they no longer can focus solely on perimeter security for their data protection, because more than 50 percent of security breaches are committed internally.
Three key topics we like from IT BusinessEdge:
- The importance of data classification
- Determine an acceptable threat level
- Implement compliance measures
This video features a tour of a Google data center. The security and data protections that are in place at Google"s data centers are highlighted in the seven-minute video and serve as a model for other organizations looking for data protection solutions.
Three key topics we like from Security and Data Protection in a Google Data Center:
- Physical security of the data
- Protection of the data in the data center
- Reliability of operations in the data center
In this video from Thales e-Security, Richard Moulds, Vice President of Strategy, explores several questions surrounding data protection and the cloud. He details information from a study that shows how organizations should approach data protection in a cloud environment.
Three key topics we like from Data Protection in the cloud are we fooling ourselves?
- Applying encryption to protect data in the cloud
- Data protection responsibilities
- Organizations" roles in protecting their own data in the cloud
This nearly hour-long webinar includes presenters Ken Rashbaum, attorney and principal of Rashbaum Associates, LLC, and Dr. Johannes C. Scholtes, chairman and chief strategy officer of ZyLAB. Moderated by Mary Mack, enterprise strategy counsel for ZyLAB, the webinar explores the need for enterprises to find practical solutions for reducing the risk and cost associated with data protection challenges.
Three key points we like from Webinar Privacy and Data Protection in eDiscovery:
- Enterprises may be subject to preserving, disclosing, or discovery obligations in relation to data
- The risk and cost of global data privacy
- Cross-border discovery challenges with data protection
This video by Jason Buffington, whose specialty is data protection and Windows Server infrastructure, management, and virtualization, explores the idea that data protection is an umbrella term. The video explains how data protection actually is a broad range of IT behaviors, including archiving, backups, snapshots, replication, high availability, disaster recovery, and business continuity.
Three key points we like from How to Plan your Data Protection Spectrum:
- Use feedback from business stakeholders to determine which color of the Data Protection Spectrum best meets business goals
- Consider solutions that consolidate the management of them
- Choose solutions that are most cost-effective
This ESG Research Spotlight video, commissioned by Zerto, features ESG senior analyst Mark Bowker. In Data Protection Challenges of Virtualization and the Cloud, Bowker discusses the challenges IT organizations face as they virtualize their environment.
Three key points we like from Data Protection Challenges of Virtualization and the Cloud:
- Organizations lag in their Tier-1 database, ERP, and CRM virtualization
- The gap between traditional replication functions and the needs of the virtual world
- Tier 1 database applications require much more protection than the other tiers
Womble Carlyle attorney Ted Claypoole and former White House CIO Teresa Payton co-authored the book "Privacy in the Age of Big Data." This video series on YouTube is a collection of discussions between the authors about the data protection topics and issues they cover in their book.
Three videos we like from the Privacy in the Age of Big Data Series:
The Nimble Storage company offers flash storage solutions. Their infographic analyzes survey results from 1,600 small, medium, and large businesses worldwide in regards to the need for aggressive data protection.
Three key points we like from The Need for Aggressive Data Protection:
- 70% of respondents say more than half of all data is business critical
- 69% of respondents rely on disk as the dominant media for data protection
- 43% of respondents report meeting recovery time objectives as a top data protection challenge
A leader in software that processes unstructured data, HP Autonomy is known for its enterprise backup and recovery capabilities. The Rethinking Protection for the Modern Data Center infographic captures modern approaches to data protection.
Three key points we like from Rethinking Protection for the Modern Data Center:
- 90% of today"s data has been created in the past two years
- Only 25% of servers were virtual in 2010; in 2014, 75% of servers were virtual
- 75% of organizations cite "security and data loss" as their primary concern
DLA Piper is a global law firm with more than 4,200 lawyers working to help companies with their legal needs. Their interactive handbook, Data Protection Laws of the World, is geared toward businesses and organizations looking for help in comparing data security and data protection legal matters around the world.
Three key features we like from Data Protection Laws of the World:
- Compare the National Data Protection Authority of any two countries
- Compare the Breach Notifications of any two countries
- Compare the Data Security and Data Protection Laws of any two countries
SNIA works to advance IT technologies, standards, and education programs for IT professionals. Their Data Protection and Management Tutorials are available for download directly from their site, and visitors also may view abstracts prior to downloading so they can decide which tutorials are best suited to their data protection needs.
Three key topics we like from Data Protection and Management Tutorials:
- Managing backup and recovery in today"s data centers
- Advanced data reduction concepts
- Trends in data protection and restoration technologies
The Data Protection Act of 1998 includes a number of legal obligations for companies to follow in order to protect information. The Guide to data protection from ICO is intended for organizations that handle personal information about individuals and are concerned with complying in all areas of data protection.
Three key topics that we like from the Guide to data protection:
- Key definitions of the Data Protection Act
- Data protection principles
- The conditions for processing
The EU Data Protection Regulation guide from ComputerWeekly.com explains the new European Data Protection Regulation in full. This essential guide also helps businesses to determine whether they need to make any changes in their data protection solutions to meet those regulations.
Three resources we like from EU Data Protection Regulation:
The International Association for Information and Data Quality (IAIDQ) is "a not-for-profit, vendor-neutral professional society of people who are interested in promoting and defining information and data quality." The Information Quality Journal is the association"s publication that shares insights for data professionals, including those pertaining to data protection. Some articles are free to read, while others are available only to members.
Three articles we like from Information Quality Journal:
- When You"re Not Ready for Data Governance
- Coordinating a Successful Data Governance and Master Data Management Strategy Across the Enterprise
- Achieving Business Effectiveness and Efficiency through a Comprehensive Information Management Strategic Program (members only article)
InfoSec Institute provides high-quality information security training. Their articles and technical tutorials focus on data protection-related issues, including layered protection, data protection tools, sharing sensitive business data, and more.
Three articles we like from InfoSec Institute:
- The dos and don"ts of sharing sensitive business data
- Why email puts your business data at risk, and what to do about it
- Defense-in-Depth: Layered Protection and Data Security
The TH!NK PRIVACY toolkit, a set of training materials from ICO, was "created to aid the communication of the challenge faced by organisations of all sizes, to their employees reminding staff to "press the mental pause button" before taking action." With free downloadable posters, bin stickers, and postcards, TH!NK PRIVACY provides the materials helpful for reminding employees to think about data protection during all stages of their work.
Three resources we like from TH!NK PRIVACY:
- TH!NK PRIVACY Toolkit Option 1 Printable "Responsibility" poster
- TH!NK PRIVACY Toolkit Option 1 "In your hands" poster
- TH!INK PRIVACY Toolkit Option 2 "Data sending" poster
The International Association for Information and Data Quality (IAIDQ) provides dozens of publications for both members and nonmembers. The publications cover a wide expanse of years and include webinars, journal articles, book reviews, industry reports, and other information sources on data protection.
Three resources we like from International Association for Information and Data Quality:
- Information & Data Veracity (online newspaper)
- The DNA of Data (webinar)
- World-Class Meta Data Management (webinar)
Hunton & Williams" privacy practice is a worldwide firm with experience and knowledge in information security and data protection. Their lengthy list of publications is a valuable resource for IT professionals and company executives who bear the responsibility of data protection.
Three resources we like from Privacy and Information Security Law Blog Publications:
- Expert Comment, Council of Ministers" Progress on the Proposed General Data Protection Regulation
- Data Protection & Privacy 2015, United States, Getting the Deal Through
- The Challenges of Cloud Computing Agreements: Evaluation Strategies
The Online Trust Alliance creates the 2014 Data Protection & Breach Readiness Guide to help organizations of all sizes understand the issues and solutions that can enhance data protection practices and develop readiness plans to enable rapid incident response.
Three key topics we like from 2014 Data Protection & Breach Readiness Guide:
- Data Governance and Loss Prevention
- Incident Response Planning
- Training, Testing & Budget
Get email updates with the latestfrom the Digital Guardian Blog
Thank you for subscribing!