South African organisations are waking up to the power of data analytics. Whether they’re working with local partners like EnterpriseWorx, Wunderbrand and Elucidate or global giants like Amazon Redshift and Google BigQuery, the genie is well and truly out of the bottle.

When done right, projects extract business-critical insight from data to drive higher revenue, reduced risk, improved productivity and enhanced customer retention. The challenge is that when data is stored and managed in large volumes, it can also expose these companies to increased cybersecurity and compliance risks.

The question is how can South African businesses manage these risks and keep internal guardians happy without impacting data utility and the success of crucial digital transformation projects? A good place to start is focusing on data-centric security.

Data at risk

Cloud computing is supercharging the analytics space by enabling firms to apply intelligent algorithms to huge volumes of data. There’s a reason the global market is predicted to grow by more than 20% (compounded annual growth rate) over the next few years to reach more than US$86-billion by 2028. As PwC South Africa identifies, the technology can be applied to every part of the value chain and every area of business decision making to stimulate innovation, optimise deals, spot growth opportunities and maximise customer lifetime value.

Yet that same data is in high demand on the cybercrime underground, and existing security controls offered by cloud service providers (CSPs) often fall short of exacting compliance requirements. The Protection of Personal Information Act (Popia), which came into force in July 2021, is now starting to bare its teeth after the Information Regulator announced the establishment of an Enforcement Committee. Organisations found to be negligent in protecting customer or employee information face fines of up to R10-million.

That’s bad news in a world where threat actors still hold many of the cards. According to one security vendor, 94% of South African IT professionals were targeted by phishing e-mails last year and 60% reported ransomware compromise. In just the first five months of the Popia, 139 South African organisations reported that they had suffered a data breach.

Internal teams often make things worse. They might begin cloud migration projects without a full data audit and classification, creating critical visibility gaps. Or project owners might attempt to handle security in-house even though skills gaps can create additional risk. And when security experts are involved from the beginning, they may apply tick-box legacy controls, which are ill-equipped to mitigate cyber risk in the cloud.

Meanwhile, compliance teams might order project owners to anonymise or mask any data they’re feeding into analytics tools, or not use sensitive data at all. While this helps with compliance, it will severely limit any potential business value that could be extracted from these digital transformation initiatives.

Analytics without compromise

Organisations instead need a way to optimise the value of the data they hold without compromising on security or compliance. They need to be able to use the data themselves, move it across any environment and monetise it by sharing securely with business partners like third-party advanced analytics firms.

To do so, they must follow several critical requirements. They need a data security solution that is sustainable and future-proofed, so that new applications can be added as the company grows and evolves. They need one that will protect data but also enable analytics to be run on it unimpeded, and which is accessible to any business user in a controlled manner. They also require technology that’s quick and easy to deploy, reduces the scope of rigorous compliance requirements like PCI DSS, and enables granular data management across the entire analytics environment. And they need any solution to do all this continuously, because the data environment is in constant flux.

Unleashing growth

Data-centric security offers the right combination of protection and flexibility for South African organisations keen to leverage cloud-based analytics. It works by applying encryption or tokenisation to the data itself, rather than relying on security controls at the endpoint, network perimeter or other layers of the IT environment. That means even if threat actors did manage to get hold of the organisation’s crown jewels, they would not be able to do anything with it.

Yet not all solutions are created equal. In analytics environments, it’s important to choose a provider that can offer dedicated data warehouse scanning capabilities. Any solution must also continuously discover and classify data wherever it is, and apply protection before it enters the cloud in order to minimise risk. That protection must also be applied in such a way as to preserve the data’s utility, such as via format-preserving encryption. And it should also support third-party identity and access management (IAM) solutions to further mitigate the risk of unauthorised access.

Finally, to optimise value, any solution should work across multiple cloud provider ecosystems and deliver centralised management and enforcement of policies for all current and future applications. A high degree of automation in data discovery, classification and protection will also ensure staff spend less time on security and compliance and more on deriving data insights. That’s what data-centric security is all about: putting streamlined checks and controls in place so organisations can unleash innovation and growth.

About comforte AG
Comforte AG has evolved into a market leader for data security and cloud-native tokenisation. Combining our experience in securing data in motion and rest, we took our portfolio one step further and created a “Data Security Platform” that seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. Now more than 500 enterprises, including many Fortune 500 organisations, rely on comforte AG’s solutions to secure their data. With offices in Germany, the US, Singapore and Australia, comforte AG has a global reach.