Advanced data discovery, risk insights and management help organisations to remain compliant while also allowing them to realise operational savings.
This is according to Ben van Niekerk, Business Development Executive – Cybersecurity, at Faranani DocTec, who was speaking during a webinar hosted by Faranani DocTec in partnership with ITWeb.
Van Niekerk noted that POPIA is being actively enforced, with the Information Regulator actively investigating and fining organisations. However, many businesses still lack clarity and visibility as to what personal and sensitive information they hold, where it lives or who has access to it.
He said: “Data breach numbers are scary: South African breaches last year totalled 2 374 – around 284 a month. In recent years, we have seen a number of high-profile organisations in South Africa being breached." The numbers are increasing, and there are huge costs associated with these breaches, he said. “If we don't govern data properly, there are huge implications.”
He noted: “Data governance is a framework of policies, processes, roles, standards and technologies that ensure data is accurate, consistent, secure, usable and well managed throughout its life cycle. It matters because organisations have a sprawl of data and applications that increases risk, and this attack surface is expanding. Without good governance, organisations face compliance risks, financial costs, operational inefficiencies, and business and strategic risks, due to missed insights and decision-making blind spots.”
However, he said 80% of enterprise data is unstructured, and 70% of this can be considered ‘dark data’ – data that is unused. This dark data includes ‘ROT’ (redundant, obsolete or trivial) data, and 23% of unstructured data contains PII (personally identifiable information).
“This poses monetary risk such as POPIA violations and fines, and reputational risk. The regulator is ‘getting teeth’ and imposing bigger fines; recently, the Department of Justice was fined R5 million for a 2021 security compromise,” he said.
Polls of webinar attendees found that only 29% were fully confident that they knew where all their ROT data and PII were stored across their environments. Forty-eight percent were somewhat confident and 22% were not confident. On the question of whether a breach would leak information that was stale and should have been deleted years ago, 38% said that their exposure would be minimal, 39% said their exposure would be moderate and 21% said they faced a significant risk because they rarely deleted data for fear of losing something important.
Van Niekerk said: “The challenge is that enterprise data is scattered across the enterprise, making it difficult to know what you have and what its sensitivity is. You need discovery, risk insights and classification to understand the data landscape, protect it and do proper governance.”
Van Niekerk highlighted OpenText’s Core Data and Risk Insights, an enterprise information governance and security solution that automatically scans, classifies and manages structured and unstructured data across the enterprise to identify sensitive information, mitigate breach costs, ensure privacy compliance and eliminate redundant or unnecessary data.
Jonathan Steyn, Senior EIM Consultant, Cyber Security Analyst and Specialist at Faranani DocTec, said: “At the heart of many data breaches lies unknown data – this creates significant security and compliance risks. ROT data also increases storage costs and attack surfaces. The goal of discovery, insights and management isn't just data clean-up, it's also about compliance.”
He demonstrated the Core Data and Risk Insights features for data discovery and classification, risk insights and visualisation to quantify financial exposure using sophisticated risk models, and data management and deletion.
The dashboards provide permanent searchable records for audit and compliance, and to help support internal investigations. It also reduces storage costs and speeds up backup and recovery, he said.
The solution is available in various packages – from scans of limited, specific data repositories to full data scans.
Share
