It's critical for any organisation to have data governance as a strategic objective.
In light of this, Varonis Systems, in partnership with ITWeb, is conducting an online Data Governance Survey during the month of March to gain valuable insight into the data governance strategies within the South African organisations.
"The survey will be used to understand South African organisations' approach to data governance and to start a conversation around the importance of knowing who is accessing an organisation's sensitive data," says Louis de Kock, South Africa Country Business Development at Varonis Systems.
De Kock adds that it is also important to establish what is being done with such access and how to put controls in place to prevent or mitigate abuse.
"Data Governance is about understanding the risks associated with your most sensitive data and employing controls and policies to ensure that only the right people have access and all activity is monitored and flagged for misuse."
Access to data is a defensive technique
De Kock believes it is unfortunate that too many organisations treat access to data as an administrative task rather than viewing it as a defensive technique.
"While organisations are focused on threats, the hackers are focused on the data and exploiting the oversubscribed access and limited detective controls in place," he adds.
De Kock also points out that a number of procedures can be put in place to manage costs related to data governance.
"People leave, join and change roles within an organisation; this means that their access rights change as well."
He gives an example by pointing out that a sensitive file full of personally identifiable information (PII) may have made sense for an employee in the HR department, but once the employee moves to sales support, there is no need for this access.
"Information changes as well. The same PII file that may have been used to run bonus payouts last years is no longer useful this year."
De Kock goes on to say that a full scale understanding is necessary of the type of data in an environment - its sensitivity and usefulness. He also points out that such regular attestations of who needs access to data is required to control the data and the cost of a data leak.
In his opinion, De Kock believes that data governance is not a one-time project.
"It is an ongoing enforcement of policies to protect data; therefore, organisations need buy-in from senior executives and an educational campaign to promote the importance of data protection to end users. Furthermore, organisations need to set themselves up for success with the right solutions to classify sensitive data, analyse behavioural patterns, alert on anomalous activity and provide proactive management," he explains.
De Kock adds that data vulnerabilities will always exist.
"Taking a proactive approach that focuses on protecting the data rather than focusing on the threat will help maintain control of the data and protect against malicious intent."
Click here to complete the survey and you can win an Apple Watch.