C which are commonly used in startups, and tools relied upon for an individual's own personal notetaking (such as Notion, Obsidian, etc.) tend to process a lot of data. Despite much of this data being sensitive, it is not always clearly understood where that data is ultimately stored and how it is secured. Businesses should know exactly who owns it and who is responsible for it in terms of backup and recovery, to prevent data loss or exfiltration.
Startups tend to prefer speed over process, which can lead to additional security exposure if not well managed. Businesses should ensure they cover the basics in terms of security. It is better to invest more time upfront than risk losing all your data due to sloppy processes. For most modern businesses, data is their lifeblood so it makes sense to prioritise putting security measures in place to protect it.
Today, data is increasingly exchanged via Application Programming Interfaces (APIs). Often, traditional security tools don't have full visibility, nor a clear understanding, of the inner workings of these API services. As a result, protecting PII information becomes harder as the boundaries of responsibility become more opaque. Protecting APIs should be an integral part of any business' strategy for managing compliance and securing data.
FILIP VERLOY, TECHNICAL EVANGELIST EMEA, NONAME SECURITY
My advice to smaller businesses with limited resources and budget would be to limit the scope of tools they intend to support and make sure they understand the SLO/SLAs of these tools when it comes to getting data back. For example, are they responsible for the data in Office 365, or is Microsoft?
Finally, when using cloud-based services, businesses should ensure they understand the governing regulations when it comes to data access (for example, CLOUD Act) but also their own responsibilities around data protection and privacy regulation, such as GDPR.