South African companies are sitting on a "figurative asbestos" of digital data that is costing them millions and exposing them to significant security risks.
As the world marks International Digital Cleanup Day on 21 March, cyber security firms are urging businesses to tackle the growing threat of "data toxicity" – the accumulation of sensitive information that turns into a major liability if breached.
“We have spent the last decade obsessed with ‘big data’ and the idea that it is the new oil," says Richard Ford, group CTO at Integrity360. "The reality for many organisations is that data has become more of a figurative asbestos. It is piling up in cloud environments, costing a fortune to store, and if disturbed – by a hacker or a legal discovery process – it becomes toxic to the organisation.”
Ford argues that the first reason to aggressively minimise data is purely financial. Contrary to popular belief, cloud storage is neither cheap nor infinite.
"While the cost per gigabyte has dropped, the sheer volume of data generated has, in many cases, outpaced those savings,” he says. As a result, companies are paying exorbitant fees to store, back up and mirror terabytes of redundant, obsolete and trivial (ROT) data.
He explains that while "toxic data" is defined by its security risk and ROT data by its lack of business value, they often overlap to create a compound risk. “For example, a 2018 database of customer credit card applications is obsolete and trivial, but it is incredibly toxic because it is a liability if breached.”
Human error and AI 'exhaust'
Anna Collard, SVP of content strategy and CISO advisor at KnowBe4 Africa, points out that the human factor adds another layer of risk. Digital clutter increases "cognitive load", making employees more susceptible to manipulation and phishing attacks.
The more noise we have, the more we rely on shortcuts. "Also, with the rise of AI tools, we’re now creating a new form of 'data exhaust' – prompts, uploaded files, context. Cleaning that layer will become just as important as cleaning backups,” adds Collard.
Litigation nightmares
According to Integrity360, the risk calculation changes drastically when viewed through a legal lens.
“If your organisation is sued or investigated, you must produce relevant data during discovery. If you have 10 years of unmanaged Teams chats, e-mail archives from former employees and unclassified server dumps, lawyers must sift through all of it. Reviewing terabytes of data can easily cost more than settling the lawsuit itself,” Ford adds.
Furthermore, hoarding data is now illegal under SA’s Protection of Personal Information (POPI) Act. Keeping customer data longer than necessary for its original purpose is a direct violation of the law.
“A ‘keep everything just in case’ policy effectively invites non-compliance,” Ford warns.
Zombie account danger
Deleting old files is only half the battle; deleting access is even more urgent, Ford says.
Many companies still have “zombie accounts” – profiles of former employees that remain active months or years after they have left the company.
“HR may stop payroll, but if IT doesn’t immediately revoke SaaS licences and Active Directory access, a door remains open," he says. "Hackers exploit zombie accounts because they appear legitimate and avoid detection, enabling them to move laterally within networks. Digital minimalism requires an automated, strict de-provisioning process."
A call for governance
Integrity360 believes organisations must shift from a ‘storage management’ culture to one of ‘data life cycle governance’.
This involves three key steps:
- Automated retention policies: Implementing rules at the server level to automatically archive or delete old material, unless it is tagged for legal hold.
Data classification: Using automated tools to scan and tag data as it is created.
Defensible deletion: Creating a clear paper trail for data deletion so it can be legally proven if required.
“Data life cycle governance is a significant cultural and operational shift," says Ford. "The challenge lies in moving away from the hoarding mentality that data is the new oil.”
Share
