Data Localization: Crafting a Compliance PlanByte Software's Steve Marshall on Steps CISOs Need to Take
Organizations that are taking steps to comply with India's "data localization" regulation - and similar laws elsewhere - need to make sure they understand all the requirements, says Steve Marshall, CISO at Bytes Software Services, a computer support and services firm.
"The first step would be actually understanding what the law says," he says in an interview with Information Security Media Group. "It is up to the CISO and their team to look at what data is impacted, where is that data in the business, what processes use that data, and where those processes are conducted."
The Reserve Bank of India, India's central bank, has issued a regulation that requires payment system operators to store Indians' data only within the nation after processing - a move designed to improve security. Broader data localization requirements are under consideration.
In this interview (see audio link below image), Marshall also discusses:
- The challenges for security teams carrying out data localization;
- How a CISO begins the process of localizing data;
- The estimated time taken by a security team to complete localization process.
Marshall is CISO at Bytes Software Services, a U.K.-based computer support and services firm. He specializes in business consulting, payments, compliance, breach clean-up, enterprise architecture validation, assurance, corporate/information security, security restructures and risk across many business verticals and markets.