What organizations can do to mitigate threats to data management
Cybersecurity is a moving target, and new types of breaches are born seemingly daily. As soon as one type of breach can be detected and contained, another one is born. And, as a result, data management efforts can be compromised at any moment and data is virtually never safe from intrusion, or from any catalyst of data loss.
Very simply, it’s time for organizations to redouble their data management efforts and to create best practices. Without effective data management capabilities an organization will have difficulty understanding and maximizing the use of its data assets, meeting demands of ever-increasing data privacy compliance requirements, and minimizing the risks of data loss.
Let’s look at what organizations can do in 2019 to prevent or stem losses from poor data management.
Personal Data Lifecycle Management is essential to ensuring the confidentiality of an organization's data. But first comes knowledge of what sensitive data an organization has, where it resides, and only then how to securely extract it.
Breach prevention gets a boost by incorporating data minimization measures, such as appropriate archive retention, automated personal data erasure, pseudonymization, secure access control, and data breach detection.
Adding granular encryption with BYOK (Bring Your Own Key) is an effective weapon in breach prevention. If even an administrator or engineer who manages data in an organization cannot read that data, a hacker will be stopped cold – he may be effective in stealing the data, but not in using it for his own gain.
Threats to cybersecurity are considerable and are becoming worse with the proliferation of big data and its use in AI. Good practices raise awareness of cybersecurity risks and help organizations create robust, reliable and fast disaster recovery plans (DRPs) in advance. And, organizations can gain by using AI to monitor systems, detect vulnerabilities, and bridge those vulnerabilities, turning AI into a strategic asset.
Protection of Personal Data
Many organization's cloud data environments lack the technology for the effective automation of data privacy compliance, and they find it challenging to meet the requirements of the most stringent regulation for data protection, GDPR. The GDPR is unmistakably clear in articulating these protections of personal data:
- Right of Access - providing specific personal data for individual requests
- Right to Portability - providing personal data in readable format for individual requests
- Right to be Forgotten - requirement to erase personal data within 30 days of request
- Personal Data Archiving - requirement to archive personal data for an individual's consent period
- Personal Data Lifecycle - requirement for establishing a data lifecycle retention period that will erase personal data at the end of an individual's consent period
But be sure to understand the risks to data management:
- The use of multiple, disparate and geographically distributed information systems
- The considerable and ever-growing volume of data in corporate information systems
- The lack of good practices in maintaining an inventory of personal data in each system
- The complexity of GDPR compliance and the lack of tools for managing that complexity
Understanding the principle of the ownership of data and the requirements of the GDPR regulation requires a period of adaptation and accommodation of these rules.
Artificial intelligence is already shaking up the world and raising important issues for society, the economy and governance, it is a technology that is transforming all areas of life. AI systems can learn and adapt when making decisions, which is why AI is expected to make improvements in data regulations. The GDPR is a first brick of this building.
The EU has developed a set of guidelines for AI, with the goal of providing increased regulation of data. Its European approach to artificial intelligence that focuses on the following points:
- Get ahead of technological developments and encourage adoption of AI in by the public and private sectors
- Prepare for the socio-economic changes brought about by AI
- Ensure an appropriate ethical and legal framework
These guidelines allow AI to become an area of strategic importance and a key driver of economic development – demonstrating AI’s value well beyond data management.
Many enterprise organizations do not have adequate data privacy compliance automation technology in place to ensure effective personal data lifecycle management, and they may lack the ability to readily find, retrieve, retain, protect and delete personal data in accordance with GDPR and other data privacy regulations. Relying on manual processing of personal data lifecycle compliance is costly, consuming staff resources and significantly increasing the risk of a gap that may lead to expensive regulatory penalties – as well as to data breaches.
In short, the data collected today is under-exploited by AI, even as the volumes of data collected are constantly increasing. The learning is to turn AI into a strategic advantage in maintaining best practices for data confidentiality.
Many organizations using Cloud SaaS (Software-as-a-Service) applications, such as Salesforce, find that they need advanced data protection capabilities to ensure valuable data asset integrity and availability. Enterprise-level performance requires a data management platform that delivers frequent and fast backup and restore to ensure rapid recovery of data while keeping deep object relationships and personal data intact.
Ensuring confidentiality, integrity, and data availability requires a more flexible and architecturally oriented data model. Unfortunately, the vision of a solid foundation for confidentiality, integrity and availability remains just a vision – and hence is the first obstacle to establishing effective data integrity and availability. But establishing a proven data model is the antidote, putting organizations in control of their data – and their future.