Subscribe
  • Home
  • /
  • Security
  • /
  • #ITWebSS2022: How to protect and govern sensitive data

#ITWebSS2022: How to protect and govern sensitive data

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 27 May 2022
Nevan Pillay
Nevan Pillay

Discovering and managing data is a challenge for organisations. Data volume is expected to double every two years, likely even more so, as the pace of digital transformation continues to pick up.

ITWeb Security Summit 2022 JHB: 31 May - 2 June; Cape Town: 6 June

The annual gathering of cyber security decision makers will feature experts from across the globe, who will discuss the most critical issues facing businesses today. Book your seat now to get up to speed on cyber security trends, solutions and best practices.

For Joburg, go here.

For Cape town, go here.

So say Microsoft’s Colin Erasmus, Modern Work and Security Business Group director, and Nevan Pillay, senior security specialist.

This, they say, is because data is created, stored and shared everywhere, particularly in an increasingly remote and hybrid work environments. "It includes platforms, apps and sources like employees, partners, customers and even bots, encompassing emails, documents, records, and both structured and unstructured data.”

An IDC cyber security survey commissioned by Microsoft, revealed that protecting data in this complex and diverse new paradigm is a challenge. According to the same survey, 25% of South African businesses failed to meet privacy regulations such as POPIA or GDPR in the past 12 months.

Additionally, keeping abreast of the ever-changing regulatory landscape, both in SA and globally, can be a challenge for organisations, they say.

Bake security into the DNA

When it comes to the steps to take when formulating a data protection governance policy, Erasmus and Pillay say the increasing awareness of data, and the accompanying threat landscape, means that organisations need to "bake information security into their DNA” and make managing data a priority, to prevent it from falling into the wrong hands.

Failure to govern data properly makes it difficult to protect, as well as comply with regulatory requirements.

The first step in this process is to identify and understand the data they have to protect and govern it properly. This can be an onerous task for organisations, particularly the larger ones. However, failure to govern data properly makes it difficult to protect, as well as comply with regulatory requirements.

This is where tools and software come in – they help identify where the data is sitting, classify it automatically, and help secure and govern it through mechanisms such as information protection and retention policies.

People, process, technology

However, investing in software solutions is only one piece of the puzzle. The key lies in the combination of people, process and technology. 

“The technology supports the people and the processes, but it is critical to have all three components to ensure successful data governance and protection. Tying these together is company culture,” add Pillay and Erasmus.

Pillay will be presenting on “How to protect and govern sensitive data,” at the ITWeb Security Summit 2022, to be held at the Sandton Convention Centre from 31 May to 2 June.

He will unpack how data protection and governance is not just an IT function, and how the responsibility lies across functional disciplines. 

He will outline why information security and data governance need to be an integral part of a company’s culture. “This requires a mindset change, and training of people about both processes and solutions to ensure that data management, governance and protection become the foundation of how an organisation does business.”

Share