Johannesburg, 03 Oct 2018
There are a number of global trends that are affecting how organisations govern, manage and secure their business content. These include evolving service levels, digital transformation, mobility, cloud and rapidly evolving regulations.
It is, in fact, a completely different world today, compared to just a few years ago, explains Marcel Winkel, business development manager for Compliance and Risk at Micro Focus. There are many statistics to quantify these trends, with the IDC indicating that the digital universe is doubling every two years, while Gartner predicts there will be 20 billion 'things' connected to the Internet by 2020.
"Today, all of these connected devices (IOT) are feeding massive amounts and types of data into data lakes, but this in turn creates a higher risk and thus requires greater protection. Security and risk teams actually have grave concerns about these trends, which often leads to them addressing the risks by denying access to the big data. What is strange is that at the same time, big data analytics is often their number one target for spending increases from the budget of the CSO," he says.
"What is needed to overcome the risks that create this concern is to ensure that you understand exactly what data you have and where it is. Once you know this, you can take measures to protect it, something that is vital in light of newly promulgated regulations like GDPR and POPI; remember that because of these laws, your business is no longer in a position where you have a choice in this respect, you simply have to do it."
Ultimately, says Winkel, your goal should be to try and reduce the risk, cost and complexity of managing data across the organisation.
The most common data security and governance priorities that organisations have, suggests Alex Ramirez, data security sales manager for Southern and Northern Europe and SA at Micro Focus, include improving the organisation's compliance state and audit reporting, and identifying dark data and sensitive data in system repositories.
"Furthermore, enterprises seek to reduce the cost and risk associated with managing data and applications, secure and mask sensitive data to comply with internal and external regulations, minimise the disruption to services and protect IP from competitive leakage.
"There are three key axioms when it comes to managing risk. The first of these is that you can't manage or protect what you don't understand. Remember that sensitive and confidential information can reside in many different business systems, including databases for HR, finance, customer and sales, as well as file shares, SharePoint sites and e-mail servers."
These systems don't have to be active either, he continues, as they may be retired applications or abandoned SharePoint sites. The problem is, if you don't know what information resides in these systems and you don't have the tools to identify PII, PCI, PHI and corporate records, you run the very real risk of this information being exposed, lost or stolen. This will place your organisation in breach of various regulations, including privacy.
The second axiom, adds Winkel, is that you can't protect everything all the time, nor should you. Enterprises must understand and determine how they value information and what value looks like for their business, stakeholders and customers.
"For some it might be through better insight and decision-making, others might see it as reducing the cost to hold and manage information, while still others might want to adopt a user pay information service. Regardless, you need to understand the business you are in, what information you have, where it lives and the purpose it serves. Once content is identified and analysed, you can organise the data by business value, context and relevance."
"Organising the data demands an understanding of business requirements, policies, inherent information categories and prepared classification categories. Content that has been analysed and categorised can then have policy applied to drive the desired action."
The final axiom, according to Ramirez, is that a proactive approach to protecting your data and organisation with modern IT and analytics makes better business sense.
"Proactive information classification, powered by rich analytics, will allow businesses to bridge formerly distinct data silos, deliver granular insight into information, and surface only the most valuable, critical and sensitive data.
"By automating and removing costly and error-prone manual processes for accessing, understanding and applying policy to this information, classification technologies simplify the critical first step of risk mitigation, which has historically served as a barrier to accomplishing this task. Ultimately, analytics are at the heart of data management; an advanced analytics ecosystem allows organisations to proactively prepare, respond and take action to prevent risk on what matters most," he concludes.
Share