New security practices are needed to cope with the accelerating torrent of security threats attracted by big data while continuing to leverage its increasingly vital benefits, says Kim Andersen, Account CTO at T-Systems Africa.
"Data is the new oil, precisely because its value is growing phenomenally," says Neil Cosser, identity and data protection manager for Africa at Gemalto.
Many organisations are unwittingly sitting on information assets of immense worth, Cosser says. "Just because they are not making the most of them doesn't change that fact."
A business's data about its customers and processes, while valuable specifically to the business, can also be rewarding to outsiders in helping to determine broader market patterns, Cosser explains.
Data exploitation could be as straightforward as cyber criminals selling stolen information, he says. "It's not much of a stretch to consider a grey market for dubiously obtained market or corporate data," he muses.
The challenge this presents corporations with is "how to protect something which has yet to release its market value," notes Cosser. The first step is to determine which data assets offer the most value, and how, he says. "It could be the most innocuous-seeming system - the spare parts database, say - that is actually of huge worth and therefore most open to exploitation," he offers.
Share scare
Data leaks and security breaches have a clear relationship to share price, says Andersen, and "this reality often causes CIOs to take the most conservative approach possible - looking to lock-down, protect and prevent incidents with strong firewalls and policy-driven approaches to security."
But this approach can severely affect a business's ability to compete in the digitised economy, Andersen notes.
Andersen advocates a "detection and quick response" approach to cyber attacks rather than taking measures to prevent them completely.
To compete securely in a digitised environment, organisations should also adopt a more refined, granular approach to data access, he puts forward. Instead of blanket policies, data access should consider who needs access to what data, at what times, and under what conditions, he explains.
"By using permissions, signing in and out, and using audit trails, organisations can build what we call a 'programmatically controlled' approach to security," says Andersen.
Corporations should also empower their staff to take ownership of security by giving them the knowledge and tools to make the right decisions, he continues.
By enabling employees to access the data they need, organisations unlock new opportunities for collaborating, finding new solutions and opportunities, and getting closer to customers, Anderson says.
"With the right approach and the appropriate solutions, organisations can position themselves to capitalise on the benefits of open innovation needed for digital transformation, while responding in real-time to any new security threats."
Share