Know your data
The size of unknown risk increases with rising data levels. Organisations that understand their data and take effective control of it can reap the rewards, save costs and stop threats before they become an issue.
Most enterprises today have either already experienced, or will soon undergo, an information crisis. This is due to their inability to truly understand the value of their data and what it comprises. Knowing your data means being able to govern it effectively and track the information that is valuable, and, once you are able to do this, such data can be used to drive deeper business insights.
According to Burnet Jonker, Head of Technology for South Africa at Veritas, risk management and compliance are two key facets of information governance, which focus on minimising information risks and costs, while at the same time maximising its value to the business. This is why proper visibility of data is vital, it allows organisations to take action based on data visibility and assume direct control over its most valuable asset, data.
"Veritas's own research indicates that the average data growth is approximately 40% year-on-year, which is far faster than most businesses are capable of growing. It is this rapid rate of data growth that creates the many data management issues that need to be addressed," he says.
"Our research demonstrates that, for many CIOs, only around 28% of their company's identified information is clean data, which has a recognisable business value and thus needs to be protected and proactively managed. The rest falls into two categories: redundant, obsolete and trivial (ROT) data, which encompasses information that is duplicated, out of date or is employees' personal data; and 'dark data', which is information whose value has not yet been identified."
He explains that most of this data is of the unstructured variety, which is why it is difficult to manage and to derive value from it. This is why it is vital to clearly understand what the data is and whether it is necessary to keep it. If the data is retained, understanding what it is makes it much easier to ensure that it is actually useful to the business.
"Enterprises need to begin by undertaking an assessment of their data repositories in order to better understand who owns the data, the types of data there are, where it is located, its size and type and how it relates to the business."
"Once this is understood, organisations may begin with the quick wins that are obtained from a saving and storage point of view. Examples of such data could be old virtual images that are still being stored and backed up, or movie, e-mail and gaming-related files. You can eliminate non-business data, such as holiday photos being stored on the company server by employees. One could also look to delete or archive stale data, which is generally defined as information that hasn't been touched in at least a year."
He suggests that in a digitising world, successful organisations are those that are agile. However, for these agile businesses to be successful, their IT needs to maintain the same pace of change as the rest of the business. "Remember," he adds, "that in a world where legislation like GDPR and the POPI Act are law, companies simply cannot have their data exposed in any way.
"The good news is that here in South Africa, we are already witnessing many enterprises taking positive steps to solve their data challenges, and this is occurring even though the POPI Act is not in force yet. This indicates that they are trying to align with the new legislation before it is even signed into law, and the best way of doing this is by following the key steps outlined above.
"Moreover, as the landscape shifts and more organisations gain effective control over their data, so the focus will move to retaining control, which is far easier to achieve than gaining control from the position most are currently in, where so much of their data can be classified as 'dark'. Once your control is absolute, the next logical step is to analyse the data, using predictive analytics, in order to derive the kind of business value that makes the expenses related to retaining, storing and securing data worth the cost," he concludes.