KYD: Know Your Data

June 2019 Infrastructure, Security Services & Risk Management

It’s no secret that the amount of data in the world is constantly growing and it is becoming increasingly difficult to manage it all. In the security industry there are various solutions offered by vendors that allow one to quickly sift through data and (hopefully) find what you’re looking for.

While the data collected by functions such as access control, intrusion and perimeter solutions are not that large, as more security functions are being integrated with video surveillance, either through video verification or collecting data streams from a number of cameras, the data involved is becoming more problematic.

Solving the problem is not a matter of simply adding more storage. With legislation such as PoPIA and the EU’s GDPR, among other regulations and best governance and compliance practices, organisations need to know what information they have, why they collected it, and they need to adhere to regulations about how long they can or must keep it before deleting it.

This makes things more complicated. And while large enterprises are the ones with the biggest challenge, the same laws apply to smaller companies. If you have five cameras and some form of visitor management at the gate, there are rules about what information you can collect and store, as well as how you store it. The PoPIA legislation, for example, will allow individuals to ask you for all the personal information about them you have stored. If you can’t tell them or try to chase them away, there could be legal implications.

Fortunately, PoPIA seems to be taking a very long time to get all the components in place so there is still time to prepare. GDPR is already in place and although this is a piece of EU legislation, some local companies have already found themselves in trouble because of poor data management.

Data governance is not simply a matter of having a big data store that you index. This is, of course an option, but it will turn out to be an expensive and perhaps unwieldy. In addition, all companies have data with personal or sensitive information stored on paper, from printouts to faxes and perhaps even handwritten notes. And then there’s the issue of continually collecting new data, which nobody seems to be able to avoid.

Ideally, organisations would be able to store data they use on a daily basis on fast storage systems that make it available to the relevant people almost immediately, while older data and information that is only accessed occasionally can be stored elsewhere on slower media or in the cloud.

Hayden Sadler
Hayden Sadler

This type of solution is what Infinidat supplies in its ‘Elastic Data Fabric’ vision. Hayden Sadler, country manager for Infinidat SA explains that this is a software-defined storage solution, which includes onsite, cloud and hybrid storage as best fits the client.

Classification and sorting

Part of the solution is helping companies know what data it has and classifying it into various categories, with some information being needed immediately for the running of the business, while other data would only be needed infrequently, or may be stored for legal purposes – and it will need to be deleted after a time.

Infinidat uses machine learning to sift through these various categories to ensure the information required is always at hand. Of course, encryption is also standard from Infinidat solutions as it should be to ensure the security of the information one possesses.

The data is then stored on various platforms: flash storage for immediate access and other storage (like hard drives or cloud systems) for information that is not required immediately. Not only does this make data available as required without delay, but it also reduces the costs of storage as flash dives are more expensive (but much faster).

The same applies to surveillance data. Sadler says the company’s software is able to make sure video is saved on scalable storage systems that offer performance and the right capacity for the customer’s requirements.

A backup should also restore

Gerhard Fourie
Gerhard Fourie

Commvault is another company that has been in the storage and backup business for years and it has developed solutions aimed at the data governance requirements of enterprise companies. The goal, according to Gerhard Fourie, district channel manager at Commvault, is to allow companies to safely store their data across a variety of media, including cloud if required, but to also know what data they have in an auditable log.

Fourie adds that we don’t have to get too complicated when starting a data management and governance journey. A good starting point is to ensure you always have your data backed up securely. More importantly is to ensure you can restore it accurately, quickly and cost effectively should something go wrong.

He says the key to starting a compliance project is to begin by knowing what you have, whether onsite or in the cloud, and classifying it. This allows you to know what you have and where it is before moving to separating it onto primary and secondary (and other) systems. It’s worth noting that this includes ‘free flowing’ data, such as the information on laptops and mobile devices – which are often the most valuable to businesses as it includes current sales and projects etc.

For these devices, governance will include understanding what the data is and how important it is, and then implementing solutions such as encryption or the ability to locate lost or stolen devices and/or wipe them. Using more intelligence, companies can also make rules that say if a laptop has not connected to the network in a certain time frame it should be wiped.

Data governance and compliance is not an easy task, nor is it cheap. That’s why it has to be driven by regulation as companies will tend to avoid a project of this size and scope if they can. However, having a handle on your data in all formats will also provide more information and benefits to the business that will allow for more intelligent care of customers, including better insights when it comes to upselling. The trick is to make a start at understanding all the information you have stored away somewhere.

This article has been shortened. The full version is available at https://www.securitysa.com/papers/619hss46.pdf



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.