Intershop AG, a Thuringian software provider, is expanding its Management Board to three members, with Markus Dränert joining as the latest addition. Dränert, a 47-year-old business economist with experience as Managing Director of Haufe-Lexware and directorial roles at Deutsche Telekom, will take charge of improving the company's rental software range and cloud offerings, as well as its artificial intelligence strategy, starting from December 1.
As a part of his responsibilities, Dränert will oversee significant digital transformations, which inherently require an emphasis on data privacy. To ensure the security and confidentiality of sensitive personal data during the development and enhancement of their cloud offerings, he can adopt several best practices.
First, implementing data encryption is crucial, both at rest and during transit. Contracting industry-standard encryption methods like AES-256 and securely managing encryption keys is vital. Second, controlling data residency by determining where data is stored and ensuring compatibility with data residency requirements is essential. Third, classifying confidential data helps establish proper protection methods. Fourth, locking down access to sensitive data by placing it in its own service perimeters, implementing IAM access controls, and using multifactor authentication is crucial.
Maintaining a security-first perspective during development lifecycles, integrating security measures, conducting threat modeling, and rotating secrets regularly are additional ways to protect sensitive data. Fifth, implementing Role-Based Access Control (RBAC) to minimize potential vulnerabilities and regularly reviewing and updating permissions help secure the Principle of Least Privilege.
Lastly, taking advantage of cloud-native security controls like Web Application Firewalls (WAFs), Network Security Groups (NSGs), and log monitoring services can augment overall system protection. Automating compliance and auditing processes with tools like Policy-as-Code can also help ensure data security. By adhering to these practices, Dränert can assure that Intershop AG's cloud offerings comply with stringent data privacy regulations and safeguard sensitive customer information.
Sources: [1] AWS Security Best Practices: Protecting Sensitive Data in AWS, https://aws.amazon.com/security/resources/protecting-sensitive-data-aws/
[3] Microsoft Azure Security Best Practices: Data Protection and Privacy, https://docs.microsoft.com/en-us/azure/security/fundamentals/protect-data-privacy
[4] Google Cloud Security Best Practices: Protecting Sensitive Data, https://cloud.google.com/security/best-practices/sensitive-data
[5] Encryption and Decryption, https://infosecinstitute.com/encryption-and-decryption/
