Significant security risks for South African businesses as dark data grows to nearly half of all stored information, finds Veritas study

While the adoption of cloud services is growing, businesses are using the cloud as a dumping ground for ‘dark’ and ROT data, opening themselves up to cyber attacks.

Johannesburg, 24 Mar 2020
Read time 6min 20sec

South African organisations are struggling more than ever before to manage their data, with almost half (49%) of enterprise data now considered ‘dark’ (unclassified and untagged), an increase from 41% since last year, reveals the latest South Africa Databerg 2020 report from Veritas Technologies, a global leader in data protection and availability.

The study surveyed 100 IT leaders across multiple sectors in SA to understand how organisations are handling the growing ‘Databerg’ and dealing with the challenges around turning data into valuable business information.

“Business data in SA increasingly resembles an iceberg,” explains David McMurdo, regional director: South Africa, Veritas Technologies. “While just a small portion is visible, nearly 90% is obscured; it's a danger that lies in wait for businesses that fail to recognise that it’s there. Unless businesses can address this ‘Databerg’, they could face a magnitude of challenges, from cost to compliance.”

In addition to the growth of ‘dark’ data, the report reveals that the percentage of data which is Redundant, Obsolete and Trivial (ROT) data has also risen in the last year from 31% to 40%. This growth may, in part, be attributed to South African companies sending more data to the cloud than ever before, up to 46% from 39% last year, seemingly without first getting proper visibility into what that data is and filtering out information that is sensitive or lacks business value.

Preventing the growth of a ‘Databerg’ is not a simple matter of slowing down cloud usage. Cloud services are being adopted for good reason, with the aim of reducing the cost of backup and recovery emerging as the top factor for nearly two-thirds (61%) of the companies surveyed. Additionally, reducing the costs of disaster recovery was revealed as being the fastest-growing reason to move data to the cloud: up to 54% from 45% last year.

“The irony is that businesses will only really achieve the cost benefits of cloud migration if they’re following best practices for data management,” explains McMurdo. “Paying a monthly storage fee to keep ROT data in the cloud is a total waste of money. Using the cloud as a dumping ground to offload dark data won’t help businesses extract the full value of it.”

Managing complex multi-cloud environments is also proving difficult for many South African organisations. Although most respondents (97%) said they try to centralise cloud reporting from multi-vendor backup, storage and virtual infrastructures, a quarter of those are doing so manually. This is particularly true in larger companies with 3 000 to 5 000 employees, which tend to store more data and have also seen an increase in cloud usage from 44% last year to 50% this year. The combination of rapid data growth and manual management processes may have contributed to their significant leaps in dark and ROT data in the last year, from 35% to 47% and from 31% to 42%, respectively.

“South African businesses need a better and simpler way to manage their data in complex IT environments, especially as we edge closer to the implementation of the Protection of Personal Information Act (POPIA) in the coming months. Embracing the cloud can help businesses to ensure their data is always available and protected. But if businesses fail to automate cloud management processes, they risk being overwhelmed by the influx of data, leading to even more dark and ROT data,” said McMurdo.

Data protection misconceptions

Cloud adoption has reached an all-time high in SA, with almost half (46%) of all enterprise data now sitting in the cloud: up from 39% in 2019. But organisations are still way off their projected cloud targets. Last year, businesses estimated that 51% of their data would be in the cloud by 2020, but they now estimate that they won’t achieve this figure until 2021. Furthermore, 32% of South African organisations say that they plan to continue to store data on primary disc devices.

Despite data protection being the number-one driver for moving to the cloud, ironically, protecting data in the cloud is still one of the biggest challenges for many South African organisations. While 87% of respondents estimate that their organisation can recover from a major data loss incident in a week or less, only 11% say they can recover within the same day. This creates a significant risk for most organisations that could be left vulnerable to the financial and reputational costs of trying to survive without their data for a week or more.

Additionally, many companies still face confusion over who is responsible for data protection in the cloud; just 6% believe that protecting their data in the cloud is their sole responsibility, when this is almost always the case.

“The benefits that cloud has to offer are vast. But mismanaging data in the cloud or failing to take responsibility for it puts companies at major risk of cyber attacks, penalisation from regulators, or worse: crippling reputational damage,” says McMurdo. “These businesses need to act fast by investing in technology that can help them protect their data regardless of where it resides. 

“Meanwhile, there’s a silver lining for those that haven’t yet reached their cloud migration ambitions: they have an opportunity to learn from the mistakes of others, by eliminating dark and ROT data before moving it to the cloud. This will not only help minimise the growth of a Databerg that could potentially sink their business, it can also help companies sail ahead of the competition.”

To find out more about how Veritas can help abstract complexity from your IT environments, visit

About the 2020 South Africa Databerg Report

This research was conducted independently by Coleman Parkes, surveying 100 South African IT leaders across multiple sectors and job roles to gain insight into how South African organisations are handling the growing Databerg.

The concept of the ‘Databerg’ is key to understanding the issue of modern data management. Much like the surface of an iceberg potentially hiding a lurking danger, the Databerg is a place where a business’s best and worst data hides. Above the surface, the ‘top’ of the Databerg, is the clean data. This is business-critical tagged and classified data, which supports the smooth running of businesses today.

Immediately beneath the surface is redundant, obsolete and trivial (ROT) data. This is tagged, and so also classified, data, but with minimal value to the organisation.

The remaining data is dark data; untagged and unknown. There is no real insight into the information dark data holds. As a result, there is no telling whether the data is ROT, which can be securely disposed of, or if it contains valuable, as-yet-unseen operational insights. This means dark data can be an asset, containing valuable information an organisation can act on. It can also be a risk, hiding threats and potential costs out of sight and out of control, leaving them to grow in the dark.

Veritas Technologies

Veritas Technologies is a global leader in data protection and availability. Over fifty thousand enterprises—including 99% of the Fortune 100—rely on us to abstract IT complexity and simplify data management. Veritas Enterprise Data Services Platform automates the protection and orchestrates the recovery of data everywhere it lives, ensures 24/7 availability of business-critical applications, and provides enterprises with the insights they need to comply with evolving data regulations. With a reputation for reliability at scale and deployment models to fit any need, Veritas supports more than 500 data sources and over 150 storage targets, including 60 clouds. Learn more at Follow us on Twitter at @veritastechllc.

Editorial contacts
Masindi Mamphiswana (+27) 11 463 2198
Jolene Devine (+27) 82 461 6542