The role that data plays in businesses today cannot be underestimated. In fact, data is the crown jewels of modern companies because of its potential to act as a differentiator that turns insights into innovation and volume into value.
However, discovering and managing data is challenging. Data is exploding: 90% of all data ever created has been made in the past two years, and the volume of data that exists is expected to double every two years – and likely even more quickly as the pace of digital transformation continues to pick up.
This is because it is created, stored and shared everywhere, particularly in an increasingly remote and hybrid work environment. This includes numerous platforms, apps and sources like employees, partners, customers and even bots encompassing e-mails, documents, records, and both structured and unstructured data.
Protecting data in this complex and diverse new paradigm is even more challenging – and research shows that 88% of organisations no longer have the confidence to detect and prevent loss of sensitive data.
It makes sense that data protection is a top security priority for business and security leaders in South Africa, with an IDC cybersecurity survey commissioned by Microsoft finding that 66% of businesses in the country already make use of data protection technologies like data loss prevention software.
But while business leaders know that information protection and governance is a top priority and needs to lie at the heart of security for organisations today – especially as more businesses move to the cloud or adopt a hybrid computing approach – do they truly understand what it means to actually protect this data and why their computing environment needs to be underpinned by end-to-end security to protect and govern data wherever it lives and travels?
Know your data. Protect your data. Prevent data loss. Govern your data
Businesses need to understand their data landscape and identify important data across their computing environment, be it in the cloud, a hybrid approach or on-premise to protect and govern data wherever it lives and travels effectively. Key to the ability to do this is the concept of: “Know your data. Protect your data. Prevent data loss. Govern your data.”
The first step is going back to the basics in terms of understanding different categories of data, including personal, sensitive or confidential data.
The next step is evaluating what types of data business units and the organisation as a whole already have as well as what data it is generating, and how these tie into the data needs and overall business strategy of the organisation.
Access control and management is emerging as one of the key measures that businesses and security leaders can use to protect an organisation’s data
This understanding and classification of data then needs to be combined with protective measures such as applying encryption, access restrictions and visual markings such as adding sensitivity labels to documents.
Access control and management is emerging as one of the key measures that businesses and security leaders can use to protect an organisation’s data. Increasingly, this means providing conditional, just-in-time and just-enough access to give people only what they need, for as long as they need it.
It is a driving force behind the “Zero Trust” principle, which more and more businesses are adopting as their main security strategy. “Zero Trust” means trusting no individual or system, needing to explicity verify their identity, using least-privilege access to give them access only to what they need, for as long as they need it, and always assuming breach.
The sweet spot between data and security: compliance
Access control is also one of the vital parts of compliance with data regulations, which are in place not only to protect an individual’s right to privacy but also to guard what may be the source code of the organisation – in line with both a company’s internal policies as well as specific legislation. This is even more essential now that South Africa’s Protection of Personal Information Act (Popia) has come into full effect. Popia aims to regulate how organisations generate, store, manage, use and process personal data.
As such, governing data requires automatically retaining, deleting and storing data and records in a compliant manner. Currently, South African organisations are finding this a challenge: The IDC research showed that 25% of businesses failed to meet privacy regulations such as Popia or GDPR in the past 12 months.
Nearly half – 48% – of organisations are working to achieve or have achieved a basic level of Popia compliance. They have identified protecting customers’ data as their top security priority, which will involve investing in the tools and solutions needed to help identify, classify, protect and govern their data while ensuring full compliance with regulations.
These solutions – like most security measures in a rapidly changing landscape – are increasingly automated and intelligent to allow businesses to map and monitor their obligations, roles and responsibilities, and regulatory adherence end-to-end.
Taking a more automated, intelligent approach to data classification, management and governance also helps prevent data loss by preventing accidental oversharing of sensitive or confidential information – which will only become more critical as the amount of data continues to mushroom, as do the risks associated with breaches of this data.
In modern workplaces where technology, security and compliance needs are diverse and ever-changing, and the threat landscape evolves accordingly, businesses need to ensure that their entire digital world has a solid foundation of integrated, comprehensive security. And data protection and governance are the keystone to that foundation.
About Microsoft
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more. Find Microsoft South Africa on Twitter or Facebook.
- The author, Colin Erasmus, is Modern Workplace and Security Business Group lead at Microsoft South Africa
- This promoted content was paid for by the party concerned
