Organizations are increasingly concerned about the loss or theft of electronic information, known as a data breach. Data breaches that result from unauthorized access by individuals within an organization have also become more common. These types of breaches, or data leaks, are commonly called insider threats. Insiders pose a unique challenge because they know how systems are configured, how to defeat these systems, and how to cover up any evidence.

Chris Williams is an enterprise cloud consultant at GreenPages Technology Solutions in Kittery, ME. According to his LinkedIn profile, Williams holds “too many certifications.” In fact, he is a certified AWS Solutions Architect Professional, an AWS Community Hero, a VMWare Certified Implementation Experty, a VMware vExpert, and more.

Williams is an expert in digital transformation who assists customers in deploying cloud solutions. He is also a subject matter expert for Skye Learning, appearing in Introduction to Cloud Computing and Cybersecurity.

Many people use the terms "data" and "information" interchangeably; however, there is a slight distinction between data governance and information governance. Information governance has more to do with all the processes and systems that gather and use knowledge, enhance it, and share it through the organization. Data governance is a subset of that, and it specifically focuses on the gathering, storing, and usage of data—especially personal data—concerning customers, employees, and partners. This data includes financial information, PII, phone numbers, emails, etc.

Imagine you arrive at work one day to find everyone in the office standing around and chattering loudly, while row after row of computer screens flash a ransom message. Someone quickly approaches and breathlessly informs you: “We’ve been hacked!”

News headlines constantly remind us of the volume of cyberattacks targeting major retailers, banks, hospitals, and individuals like you and me. Some of these attacks involve a high level of complexity, but until recently most have been fairly basic—recycled from older malware and repurposed by attackers for different goals. That’s all starting to change now.