SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Preparing the enterprise for GDPR and the era of data compliance and security
Mon, 13th Nov 2017
FYI, this story is more than a year old

From autonomous cars to intelligent smart home devices, the world around us is undergoing a fundamental change, transforming the way we experience the world. But one question remains uppermost in consumers' minds—is my information safe?

Our access to mobile phones, the internet, sensor technology and other intelligent devices is causing a rapid growth in the data created, captured and analysed everyday – allowing authorities to be informed on social trends, city planning needs and to provide greater access to everyday services. Data has become critical to all our lives today and is the lifeblood of our rapidly growing digital existence.

Consumers and citizens enjoy the benefits of a digital existence, as the government and enterprises' access to a wealth of data enables more innovation, better services and greater convenience. However, the challenge faced by businesses is how to navigate and manage this unprecedented amount of information, data and content-- which is multiplying at historic rates -- while still protecting the privacy and security of every customer.

There is a significant gap between the quantities of data being produced today that needs protection and the amount that is actually being secured by the enterprises that collect it - and the gap will only get wider in the future. Every week brings another headline about security breaches exposing thousands of records to possibly malicious use.

Inevitably, criminals and cyber-terrorists have been quick to recognize the opportunities presented by the ocean of data available to them, and the much of world's regulatory authorities have responded by creating rules that formalise the steps enterprises must take to protect both customer and enterprise data.

As enterprises identify and service unique or critical data points to realize its vast potential, two crucial and interconnected factors will govern their actions. These are security and the need for regulatory compliance.

A key upcoming piece of legislation will force enterprises to develop new approaches to information management—the European Union's General Data Protection Regulation. Slated for mandatory compliance by May 25, 2018, the GDPR places significant requirements across all organizations collecting data on European residents to closely manage and track the personal information they collect.The rules affect every entity both inside and outside of Europe that holds or uses personal data of covered individuals.

Every business will need to prove it handles personal data properly. Among other requirements, it will be necessary for companies to show consent to use data collected when required, delete data or correct errors and provide copies of data when asked. To fulfill these requirements, it will be vital to track all uses of personal data and protect the privacy of the individual.

To help achieve this end, every company housing personal data collected on European residents will benefit from using an enterprise data lineage solution. These solutions can provide quick lineage reports of the source and use of data through the organization and provide on-the-spot auditing of all data flagged as personal. Without a data lineage solution, or something like it, your company may find itself halting business to provide manual reports to regulatory bodies.

Businesses in Singapore will likely be the most affected in Southeast Asia, since the country is the EU's largest commercial partner in ASEAN, accounting for slightly under one-third of EU-ASEAN trade in goods and services.

Complying with the GDPR and similar regulatory requirements such as Singapore's PDPA is a significant challenge, not least because enterprises have typically locked up vital information in departmental silos, spread across legacy and modern systems ranging from 40-year old mainframes to on-premises storage and the cloud.

A Forrester survey commissioned by ASG Technologies found that one of the key challenges identified by the enterprise architecture and operations professionals surveyed,is dealing with their firms' legacy storage or disconnected content management systems. Twenty-five percent said their ability to move content to the cloud is hampered by their existing infrastructure. Typically enterprises are adding to their technical base or technologies supported, rather than replacing them.

Clearly, businesses need to identify and deploy solutions that span traditional - new technologies, enabling them to seamlessly access their data, track its lineage across data warehouses and through transformations while maintaining the necessary information to support governance of personal data in order to demonstrate GDPR compliance.

The costs of understanding and utilizing the mass volumes of data in this complex environment are significant, but the cost of not leveraging accurate data for decision making, failing a compliance audit, or a experiencing a security breach are much more expensive,not only from the cost and lost opportunity but equally importantly from the impact on enterprise reputation.

The bonus for enterprises that address their compliance issues through the deployment of a dedicated tool-agnostic data management solution is their ability to support citizen data scientists with a deep view into the enterprise's most valuable data. Accurate representations of the data estate will support making critical business decisions faster, providing business agility that will drive immediate results and helping to build new offerings for customers.

Enterprises that identify the data that matters, and then apply the right technology to understand how it was collected, how it is used, determine its quality and the value it provides will be able to respond to immediate opportunities, compliance requests and direct strategic initiatives and will be the winners in the digital life that beckons us.