The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, “Selecting a Protective DNS Service” on Thursday. This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS.
Organisations, on average, receive benefits 2.7 times their investment, and more than 40% are seeing benefits that are at least twice that of their privacy spend according to Ciscoâs 2020 Data Privacy Benchmark Study. Privacy has become a big issue globally in recent years, particularly following the introduction of the European Unionâs General Data Protection Regulation (GDPR) that caused domain name registrars and registries to make major changes to their practices.
The Cisco study, released in observance of International Data Privacy Day, also found that up from 40% last year, over 70% of organisations now say they receive significant business benefits from privacy efforts beyond compliance, including better agility, increased competitive advantage and improved attractiveness to investors, and greater customer trust.
Other benefits included companies with higher accountability scores (as assessed using the Centre for Information Policy Leadershipâs Accountability Wheel, a framework for managing and assessing organisational maturity) experience lower breach costs, shorter sales delays, and higher financial returns while 82% of organisations see Privacy Certifications as a Buying Factor. These included privacy certifications such as the ISO 27701,Â EU/Swiss-US Privacy Shield, and APEC Cross Border Privacy Rules system becoming an important buying factor when selecting a third-party vendor. India and Brazil topped the list with 95% of respondents agreeing external certifications are now an important factor.
In a blog post, Robert Waitman, Director, Data Privacy Security and Trust Office at Cisco said âthe results of this study highlight that privacy is good for business, beyond any compliance requirements.â Waitman writes Cisco recommends organisations:
- Invest in privacy beyond the legal minimum; most organizations are seeing very positive returns on their privacy spending.
- Work to obtain external privacy certifications; these have become an important factor in the buying process.
- Build in privacy accountability and maturity to achieve security benefits, reduced sales delays, and higher returns.
Ciscoâs 2020 Data Privacy Benchmark Study is their third annual look into corporate data privacy practices worldwide and shows growing tangible benefits for businesses that adopt strong privacy practices.
The study is based on results from a double-blind survey of over 2,800 security professionals in organisations of various sizes across 13 countries. It provides deep insight into the state of privacy a year and a half after the effective date of the European Unionâs General Data Protection Regulation (GDPR), widely considered a turning point on how organisations control and manage the use of personal data. Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorised and authorised users, and preparation for the GDPR and similar laws around the globe spurred many organisations to make considerable privacy investments â which are now delivering strong returns.
The European Unionâs General Data Protection Regulation (GDPR), introduced in May 2018 but adopted in 2016, has been a focus in the domain name world due to required changes to contact information that has been required for WHOIS and ICANNâs ham-fisted attempts to deal with the situation which led to ICANN losing multiple court actions and exemptions provided to many registrars located within the EU regarding information they were required to collect under their Registrar Accreditation Agreements. Additionally, almost all, if not all, country code top level domain (ccTLD) registries located either within the EU or who allowed EU citizens to register their domains were required to make changes as to the information they required registrars to collect upon registering a domain name.
For more information, see: