Johannesburg, 06 Jan 2020
Just about every week, something happens in South Africa that makes doing business harder: risks of further ratings downgrades, load-shedding, rising inflation and fuel prices, warnings of tax increases, tightening legislation around data protection, new cyber threats…
It’s ‘business unusual’, and to survive the turmoil, organisations must make four critical changes – right now. These include focusing on compliance, security, getting insights from their data, and coming to terms with the electricity crisis, says Brian Timperley, CEO at Turrito Networks.
The good news is, for at least two of these changes, businesses already have the solutions in place – they just don’t know it.
Compliance
The regulatory framework, especially around protecting personal information, is becoming more stringent. Businesses that don’t comply with laws like POPIA are not likely to survive the consequences: fines of between R1 million and R10 million, or one year to 10 years in jail.
Yes, the greater focus on regulation is good, says Timperley, because POPIA, for example, is intended to protect individuals’ personal information. But it also puts massive responsibility on businesses to comply.
Old approach
Before POPIA, little regulation existed to govern how businesses should manage, store or protect personal information. So, they’d install document repositories with basic data access control through usernames and passwords.
“Without granular access control, anyone with a business-linked password can look through files they shouldn’t have access to. This puts the business at risk, because anyone can copy, delete or manipulate data. It also puts individuals at risk of their information ending up in the wrong hands, or on the dark Web. Both instances put businesses on the wrong side of POPIA,” says Timperley.
Most organisations already have many of the tools and solutions in place to help them with data compliance. But, in many cases, these tools are incorrectly configured, which has the opposite effect.
New approach
When tools like SharePoint and Office 365 are correctly installed and configured, data compliance can follow automatically, says Timperley.
In addition to standard access control, businesses can implement granular levels of control and data access rights, to ensure maximum information protection.
“A document management system must be properly configured so that only authorised personnel can access certain information. When an unauthorised person tries to access, copy or manipulate restricted information, the system not only stops them, but will also alert management to the fact that they tried.”
Correctly configured solutions enable different intricacies of access, like allowing one person to view data but not to edit, move or delete it, and another person to move information without seeing it, like credit card numbers from one area of storage to another. And any data that’s copied or downloaded can be encrypted and programmed to self-delete after a certain period.
“Businesses spend millions of rands on tools and solutions but are rarely assisted with configuring them correctly,” says Timperley. “They have this incredibly strong foundation with a Wendy house built on top. It’s such a waste.”
Yet with strong foundations, businesses can build solid, secure structures from scratch. And when configured properly, the solution supports very detailed access and data management, down to the individual level. This type of control automatically assists businesses with compliance because it’s impossible to circumvent the rules, says Timperley.
Security
With an increasing number of attacks originating from inside businesses, organisations need to stop thinking about security as something separate, he says.
Old approach
Traditionally, security has been one of the considerations when implementing a new solution. “Businesses would implement backup, storage, networking systems and security, isolating security as one of the important considerations,” says Timperley.
New approach
“Security needs to be synonymous with everything. It can never be separated from decision-making. Businesses need to start using language like secure networks, secure storage, secure environments, and secure backups. Nothing in the IT space should be considered without security as a primary aspect.”
Alongside compliance, security postures improve dramatically with the right access and monitoring controls.
“Businesses need to take a ‘trust no-one’ approach,” says Timperley, “while still giving people the required level of access to data to do their jobs.”
But giving them blanket access is asking for trouble. Businesses need to lock down their networks by setting up access permission for users and devices, alerting management to suspicious activity, encrypting data and conducting regular security scans.
But it’s about more than managing information. Security is also about resilience and continuity; getting back to business if something goes wrong – like a power surge damaging a server.
Power
Despite government’s insistence that there is no power crisis in South Africa, Timperley doesn’t expect the power situation to improve in the next 10 years.
Old approach
For every day of load-shedding, affected businesses lose up to four hours of productivity. Some close their doors, others work until laptop and UPS batteries die and send everyone home. Extrapolated across hundreds of thousands of businesses, the power situation will have a massive impact on revenues and the economy, says Timperley.
“We have to assume that the power problem won’t be solved anytime soon and put contingencies in place to keep operating when the lights go out.”
New approach
Businesses should ask: "What are we doing to give us the backup, resilience and uptime we need to operate when there’s no power?"
“We can’t rely solely on Eskom for power, so we have to find it elsewhere,” says Timperley. “Businesses should think about investing in UPSes and generators, so they can power the critical stuff that protects their data during load-shedding. One of the most inexpensive and sustainable ways to ensure resilience, without the high costs of alternative backup power, is cloud computing.”
Because if there’s one thing businesses can’t afford to lose, it’s their data.
Business intelligence
Getting profound insights fast is what will separate market leaders from laggards in a strained economy. In tough times, smart businesses don’t stop spending money, they spend it in the right areas: like data insights. But few South African businesses are tapping into the unknown opportunities buried in their data.
Old approach
Data silos, unintegrated systems, poor data quality and uncertainty about how to implement business intelligence are common among local organisations.
“I would say that 90% of SMEs are only getting one-dimensional insights from their data and are making decisions based on historical information,” says Timperley. “They’re looking at the finance department, separate from the marketing department, separate from operations. They don’t understand the power of being able to instantly access multidimensional insights to do comparisons they could never have dreamed of.”
Most businesses are already paying for these BI tools, he adds. They’re embedded into software like Office 365. But no one told them the power hidden inside the tools they already own.
New approach
The richness of data is significantly higher when datasets are combined, says Timperley. Businesses can start to understand the relationships between sales spikes, revenue, profit, marketing and customer demands – overnight – and start making game-changing decisions.
“SMEs probably use 10% of Office 365. Most of them have Power BI; they have access to collaboration and videoconferencing tools in Microsoft Teams; and they can enable advanced security threat protection against spam, phishing, hacking, as well as two-factor authentication. These are insanely powerful tools that they already have and are already paying for. Yet, most are also coughing up for other solutions, like Slack and Zoom.”
Again, it comes down to being sold a product, not a value-adding solution.
“The ICT and technology industry has a responsibility to empower businesses in South Africa, but many don’t. They implement a solution as quickly as possible and walk away. Educating and empowering businesses takes time and effort, so they’re often left with all this dormant potential, purely because nobody showed them how to use it.”
Change for the better
Businesses can’t operate the way they always have. Not in the current economic climate. And not if they want a right to play in the digital future.
“They’re being forced to change. Compliance is forcing them, the power situation is forcing them, new technologies are forcing them. They have to start rethinking how they do business.
“The problems we’ve experienced over the past five to 10 years are more acute than ever. Businesses don’t have the luxury of figuring it out as they go along. They have to reboot. It’s critical that they engage with a partner that can help them understand their compliance and security needs and show them how their existing technology can help them to thrive in South Africa.”
Share