
Information management: It’s time to raise the security bar

The need to competently and agilely manage, analyse and safeguard vast caches of valuable corporate data has become a vital necessity.
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 08 Apr 2021

In the corporate world, the volume of information in circulation is rising exponentially. It is estimated that the total amount of data created, captured, copied and consumed globally in 2020 was in excess of 59 zettabytes (one zettabyte is equal to a trillion gigabytes).

Moreover, an annual growth rate of 26% is expected, leaving organisations within many sectors of the economy to grapple with the challenges of managing mushrooming amounts of data generated by a host of new-generation systems, including Internet of things devices and sources linked to artificial intelligence and machine learning solutions.

The value of data is also steadily rising as organisations increasingly rely on the availability of interrogable data to help understand, streamline and optimise business processes, taking into account issues ranging from production efficiencies to product positioning and strategic planning.

For most businesses, improving proficiencies translates into marketplace advantages such as improved customer experiences and loyalty which, in turn, equate to increased profits.

With the speed at which decisions have to be taken in today’s competitive business environment, organisations are demanding increases in raw data storage, ramped-up processing power as well as stronger analytics capabilities in order to achieve their business objectives.

Competently managing vast caches of valuable corporate data has become a vital necessity, as has the need to perform data analytics functions in a methodical, orderly and logical manner. Information management systems are increasingly challenged to accommodate several methods of analysis while facilitating detailed, accurate information dissemination on demand.

For organisations, this level of agility has become essential in order to respond timeously to changing markets and keep ahead of the competition.

Significantly, management of information at this level would not be possible without the value-add that IT brings to the table.

Information management and IT are now inseparable partners and inextricable allies in the quest to meet the demands of corporate managers.

Against this backdrop, the acquisition and implementation of modern management information systems (MIS) is on the rise. At the same time, complementary tools such as enterprise resource planning, customer relationship management, knowledge management, decision support systems and business intelligence continue to gain acceptance.

Also gathered under the MIS umbrella are systems aimed at process control, human resource management, strategic sales and marketing, inventory control, office automation, as well as accounting/finance and management reporting.

Inevitably, any discussion on data sourcing and management leads to questions concerning data security. How should valuable data be safeguarded against being lost, destroyed or – most critically – falling into the hands of miscreants?

The average cost of a data breach, according to a study conducted by the Ponemon Institute in 2017, was $3.62 million. Last year, there were more than 1 000 serious, multimillion-dollar corporate data breaches involving companies in the US alone.

To counter this trend, organisations are turning to information security management systems (ISMS). At the core of these cloud-based solutions is a set of policies, procedures and workflow protocols geared to protect sensitive data, secure against data breaches and limit the damage should a breach occur.

An ISMS encompasses a broad spectrum of extremely sensitive organisational data, including corporate financial records, customer profiles and banking details as well as e-mails, reports, stock holdings, service records and much more.

The establishment of an ISMS is an important first step in securing corporate data, while the upskilling of employees and the fostering of a culture of compliance in terms of security procedures are also imperative.

The next step involves raising the security bar by setting up a framework of standards for how information and data should be managed – physically and in the cloud – in order to fully comply with business, contractual and legal requirements.

Ideally, this involves building an ISMS in compliance with the latest ISO/IEC 27001 information security standard as published by the International Organisation for Standardisation (ISO), in partnership with the International Electrotechnical Commission (IEC). Both are leading international organisations that develop international standards.

Currently, there are only a few ISO/IEC 27001-certified vendors in the enterprise networking space that are able to assist organisations with meeting the strict prerequisites associated with this global standard.

Nevertheless, organisations locating such a partner could gain the necessary knowledge and have access to the expertise needed to implement an ISO/IEC 27001-certified ISMS without delay. This would demonstrate to business associates and stakeholders that one of the most appropriate, accepted and venerated worldwide standards for securing informational assets had been applied.

Undoubtedly, ISO/IEC 27001 compliance provides a business advantage, allowing certified organisations – particularly banks and other financial institutions – to reap the benefits associated with universally accepted best practices for information security management.

Essentially, the ISO/IEC 27001 standard defines and mandates a process for establishing, implementing, maintaining and continually improving an ISMS. It also defines security controls covering personnel, physical security, logical security, security systems and business continuity.

In implementing an ISO/IEC 27001-compliant ISMS, an organisation is obligated to identify and evaluate its assets, conduct a risk assessment and document all its established policies and procedures. Accredited auditors then perform an assessment of the ISMS to validate compliance before a certificate is issued.

To maintain ISO/IEC 27001 certification, the ISMS must be reviewed and updated regularly to reflect the evolving information security environment and verify the adoption of new approved best practices for data security.

Because risk management is an essential and central component of ISO/IEC 27001 compliance, organisations are able to clearly identify threats and to understand and minimise risks, while building on their strengths as they formulate plans for the future.
