As African enterprises realise the value of data as a tool to generate business value and to align their digital transformation journey, what are some of the best practices around data integrity, data privacy, data security and data management?
To begin with, it is important to focus on understanding and managing what you currently have in place. This requires knowledge of how data moves through the organisation, how users interact with it, and what regulations are applicable, what are the risks, and how do you mitigate them? Executives from Galix, Commvault, and Silver Moon IT respond.
Ryan Boyes, Governance, Risk and Compliance Officer, Galix
Before the Internet, businesses tended to operate in smaller areas and in a very siloed manner. Today, ease of access to information has become critical to successful operations, and the ability to leverage data has become a point of competitive differentiation.
However, the global, borderless nature of business also introduces risk; there are multiple applications, systems, and end points, all of which represent potential vulnerabilities. While the ability to work anytime, anywhere aids productivity, it also increases the complexity of security. Finding the right balance between securing data and allowing access is vital.
Expanding operations into new areas can help businesses grow in unprecedented ways, and technologies like cloud have become part of this. The challenge is that data has become increasingly dispersed, and the more places data is stored, the more opportunities there are for cybercriminals and other bad actors to infiltrate networks and steal this critical business asset.
The lines between home and office have also blurred with increased hybrid and work-from-home workforces, making security even more difficult to manage and maintain. For the most part, businesses are not adequately equipped to deal with the additional complexity and additional elements of risk.
Technology has become such a part of our everyday lives that it can be difficult to separate personal and business use on any device, which again increases the complexity of security. Processes and protocols need to be in place, governance and compliance must be prioritised, systems must be maintained, everything needs to be documented, and it is essential to have accountability.
As companies transform and grow, they have to find the right balance between security and access. Too many restrictions will limit people’s ability to innovate, but too few restrictions could lead to data breaches and compliance headaches.
Modeen Malik, Principal Systems Engineer, Commvault
Modern data protection platforms are designed to provide layered protection across cloud, on-premises and Software-as-a-Service, SaaS workloads, as most organisations have hybrid IT ecosystems. Effective data protection is provided through three pillars – secure, defend and recover – and offers customers true cloud cyber resilience in the ever-changing digital landscape.
This cyber resilience can be further bolstered by incorporating Artificial Intelligence, AI and Machine Learning, ML capabilities, which empower organisations to take proactive steps based on early warning of attacks. Early warning systems provide the ability to detect threats before they impact an organisation’s data. This is done with smart decoys and threat sensors that mimic real workloads, assets and backup environments to keep attackers away from valuable data by redirecting them to compromise false resources.
Other key aspects of early warning are accurate alerting, triggered when attacks or anomalies are detected in the environment, and threat insights that can provide a detailed analysis of anomalous activities, behaviours and data events. These elements need to seamlessly integrate with an organisation’s security stacks and can be automated through AI to detect risk and malicious activities.
These powerful, enterprise-grade data protection systems not only provide air gap protection against cyberattacks and early warning ransomware detection with cyber deception. Additionally, they support business continuity and disaster recovery, BCDR plans, which enable organisations to respond to disruptions faster and to minimise the effects of cyberattacks.
While data is a company’s crown jewel, it is also the main target of cyberattacks. However, as risks evolve and IT resources shrink to budget constraints, companies are increasingly being challenged to protect their critical business data. To effectively safeguard data from new and emerging threats, data protection must be reimagined, and companies need to adopt solutions that go beyond traditional backup and recovery.
It is therefore imperative for IT and security professionals to shield and secure their backup infrastructure from malicious attacks, with data protection coverage that layers across data centres, the cloud and beyond.
Considering the rapid rate at which cyber threats are evolving, it has become the focal point in most organisations’ IT landscapes, underscoring the need to adopt future-proof, next-generation data protection technologies with security capabilities that include features such as cyber resilience and data security.
Unfortunately, data protection is still commonly miscategorised by many as a process of nightly backups, but this is flawed thinking that puts data protection in a box. While routine backups will always be a requirement – it is just one ingredient.
Raeford Liebenberg, Manager, Silver Moon IT
Many organisations spend significant amounts on software that is designed to boost productivity and help employees to be more efficient in their day-to-day jobs. However, without appropriate training on the software, these benefits can often be eroded. This can have a negative impact on business productivity as well as the effectiveness of the IT department, as their focus is pulled from critical tasks through a constant need for support and guidance on software-related issues.
Ensuring that all staff have been trained on the software they need to use is essential for optimising the business, enabling IT to be more focused, and empowering employees in their own learning and capabilities.
Many software tools have immense power to change the way businesses run and operate, as they can simplify tasks, facilitate collaboration, automate processes and more. However, when people are not empowered to use tools optimally, they may be unable to complete their tasks effectively and opportunities for innovation could be missed, which ultimately leads to potential financial loss. It can also be frustrating for employees to try and figure tools out on their own, creating friction that can decrease job satisfaction.
This lack of knowledge and, or confidence in their ability to use tools can result in an over-reliance on IT to solve the most minor of queries and problems. By delegating these tasks to IT, they hinder their own growth and limit their ability to fully leverage the software’s potential.
In addition, lack of software knowledge can burden an already-stretched IT department, as they are constantly required to provide support and guidance for software-related issues, which detracts them from focusing on more critical IT tasks such as security and system maintenance. This can result in reduced efficiency and delayed resolution of crucial IT concerns.
Promoting and prioritising training can face challenges, as organisations may be reluctant to allocate resources and time to training initiatives, seeing them as optional or non-essential. In addition, employees may perceive software training as time-consuming or unnecessary, failing to recognise the long-term benefits and improved productivity that come with a deeper understanding of the tools they use.
The reality though is that training is more than just a tick-box exercise; it is an investment in the workforce’s skills and the organisation’s overall efficiency and competitiveness. It is important for organisations to provide the resources to help employees learn more about the software they use.
Saul Wamalwa, Regional Manager for West, East and Central Africa, Commvault
Since data is considered to be the new oil, good data management is key for businesses as it enables improved organisational agility, better and faster decision making and quicker problem-solving based on accurate, up-to-date information. There are very few businesses today that do not leverage some elements of data within their day-to-day operations, and organisations now have huge potential to gather, store and analyse data to learn more about consumer behaviour, market trends and other important aspects that have an impact on their operations.
Effective data management practices translate into information that is simple to access, to analyse and gain useful insights that can guide business decisions. This may entail spotting patterns, projecting future expansions and highlighting potential improvement zones for the organisation.
Additionally, proper data management can boost the visibility of a company’s data assets, which makes it easier to quickly find the right data for any specific analysis. Data visibility not only allows an enterprise to be more organised and productive, but also enables its employees to find the information they need to better do their jobs.
Unfortunately, many organisations across both the public and private sectors, still lack insight and understanding of where some of their critical data resides. This means that sensitive information can easily end up on unauthorised devices or email accounts outside of the organisation, without the organisation even being aware of this. This naturally increases the chances of a data breach, which can have various negative consequences.
Probably the biggest risk associated with data breaches is reputational damage, which can lead to a loss of existing customers and the inability to attract new ones, which will have an adverse effect on a business’s bottom line. In addition, the loss of sensitive customer data could also result in fines and penalties being levied by regulators, depending on the particular industry sector.
Data security and privacy are important functions of data management, which should be an important consideration for businesses, as there are a growing number of regulations that are being introduced around data and how it should be processed and stored.
However, besides ensuring that effective data management practices are in place, organisations should also review and update these measures regularly to ensure that their sensitive information is always managed and stored securely. Updating and reviewing data management practices is essential in a threat landscape that constantly changes as hackers continue to find creative ways to compromise IT environments.
