POPI, GDPR will see data storage costs soar

By Marilyn de Villiers
Johannesburg, 12 Oct 2018
Eran Brown, EMEA CTO: Encryption is key to data protection.

As privacy regulations become increasingly stringent across international borders, and penalties for breaches more onerous, data storage costs will continue to rise.

That's the view of Eran Brown, EMEA CTO at Israel-US data storage company Infinidat, who points out that these and similar regulations elsewhere are not confined to individual countries or regions.

The New York State Department of Financial Services' Cybersecurity Requirements for Financial Services Companies introduced in 2017, for example, applies to any financial institution that does business in New York, regardless of where it is domiciled.

He says privacy legislation and regulation, such as the Protection of Personal Information Act (POPIA) in South Africa and the European Union's General Data Protection Regulation (GDPR), will drive up the cost of data storage by between 20% and 30% in the next few years.

Brown adds that while the cost of data storage had been kept in check over the years through data reduction technologies such as data compression and deduplication, these do not work when data has been encrypted. And encryption, he says, is becoming the only way to protect data, even data that has already been hacked.
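The effect Brown describes can be measured directly by comparing compression and block-level deduplication on the same data before and after encryption. The following is an added example, not code from the article or from Infinidat; the toy SHA-256 keystream cipher (a stand-in for a real cipher such as AES-CTR), the 4 KiB block size and the sample records are assumptions constructed for illustration.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed fixed block size used by the deduplication layer

def toy_ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for a real cipher such as AES-CTR: SHA-256 keystream XORed
    with the data. For illustration only; do not use to protect data."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower is better)."""
    return len(zlib.compress(data, 9)) / len(data)

def dedup_ratio(data: bytes) -> float:
    """Unique blocks divided by total blocks under fixed-size block dedup."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return len({hashlib.sha256(b).digest() for b in blocks}) / len(blocks)

def sample_records() -> bytes:
    """Constructed sample: 8 distinct 4 KiB blocks of record text, stored 8 times."""
    blocks = []
    for n in range(8):
        line = f"id={n:08d};name=Customer {n};city=Johannesburg;status=active\n".encode()
        blocks.append((line * 200)[:BLOCK])
    return b"".join(blocks) * 8

def measure() -> dict:
    plain = sample_records()
    # Constructed key and nonce, fixed so the run is repeatable.
    cipher = toy_ctr_encrypt(b"k" * 32, b"n" * 12, plain)
    return {
        "plain_compression": compression_ratio(plain),
        "cipher_compression": compression_ratio(cipher),
        "plain_dedup": dedup_ratio(plain),
        "cipher_dedup": dedup_ratio(cipher),
    }

if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name:20s} {value:.3f}")
```

Ciphertext is statistically indistinguishable from random bytes, so the compressor finds no redundancy and identical plaintext blocks no longer hash to the same value.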

Not if, but when

"Data breaches are inevitable. The chances of any organisation sustaining an effective defence against hackers in the long term is zero," he says, citing the recent breaches of two of the largest and arguably most secure data organisations in the world, Google and Facebook.

With attack tools that can be used by almost anyone readily available on the Dark Net, where does that leave South African businesses that face huge penalties for being breached?

POPIA states that anyone benefiting from collecting an individual's data has a responsibility to protect it or face penalties, including imprisonment of up to 10 years, and/or a fine of up to R10 million.

However, if the organisation is able to prove that it acted in good faith and had taken every possible measure to protect the data, it could escape the penalties. And that, Brown says, would require the encryption of all customer data collected and stored in its systems.

According to Brown, the downsides of encryption include:

* Having to train developers to get it right from both a security and a cost perspective.

* Because encryption involves a lot of mathematics, the CPU will have to work harder.

* The cost of storage. Once data is encrypted and sent to storage for five, seven or more years, it consumes significantly more capacity than when it is not encrypted.

Storage buy-in

However, Brown warns that businesses should not embark on an encryption exercise without the involvement of a storage team, whether internal or external, because there will suddenly be a huge increase in storage capacity required to accommodate it.

He cites an example in the US where a financial services company that encrypted 20PB of data suddenly had to find an additional 6PB of storage to accommodate the resultant data explosion.

"At present, storage is usually the first or second most expensive line item in any IT budget. With demand for storage likely to increase as companies are forced to encrypt their data, the costs of storage will escalate. Companies, therefore, have to find the most cost-effective solutions for their storage capacity needs without compromising performance and reliability," Brown says.
