KYD: Know Your Data

June 2019 Infrastructure, Security Services & Risk Management

It’s no secret that the amount of data in the world is constantly growing and it is becoming increasingly difficult to manage it all. In the security industry there are various solutions offered by vendors that allow one to quickly sift through data and (hopefully) find what you’re looking for.

While the data collected by functions such as access control, intrusion and perimeter solutions are not that large, as more security functions are being integrated with video surveillance, either through video verification or collecting data streams from a number of cameras, the data involved is becoming more problematic.

Solving the problem is not a matter of simply adding more storage. With legislation such as PoPIA and the EU’s GDPR, among other regulations and best governance and compliance practices, organisations need to know what information they have, why they collected it, and they need to adhere to regulations about how long they can or must keep it before deleting it.

This makes things more complicated. And while large enterprises are the ones with the biggest challenge, the same laws apply to smaller companies. If you have five cameras and some form of visitor management at the gate, there are rules about what information you can collect and store, as well as how you store it. The PoPIA legislation, for example, will allow individuals to ask you for all the personal information about them you have stored. If you can’t tell them or try to chase them away, there could be legal implications.

Fortunately, PoPIA seems to be taking a very long time to get all the components in place so there is still time to prepare. GDPR is already in place and although this is a piece of EU legislation, some local companies have already found themselves in trouble because of poor data management.

Data governance is not simply a matter of having a big data store that you index. This is, of course an option, but it will turn out to be an expensive and perhaps unwieldy. In addition, all companies have data with personal or sensitive information stored on paper, from printouts to faxes and perhaps even handwritten notes. And then there’s the issue of continually collecting new data, which nobody seems to be able to avoid.

Ideally, organisations would be able to store data they use on a daily basis on fast storage systems that make it available to the relevant people almost immediately, while older data and information that is only accessed occasionally can be stored elsewhere on slower media or in the cloud.

Hayden Sadler
Hayden Sadler

This type of solution is what Infinidat supplies in its ‘Elastic Data Fabric’ vision. Hayden Sadler, country manager for Infinidat SA explains that this is a software-defined storage solution, which includes onsite, cloud and hybrid storage as best fits the client.

Classification and sorting

Part of the solution is helping companies know what data it has and classifying it into various categories, with some information being needed immediately for the running of the business, while other data would only be needed infrequently, or may be stored for legal purposes – and it will need to be deleted after a time.

Infinidat uses machine learning to sift through these various categories to ensure the information required is always at hand. Of course, encryption is also standard from Infinidat solutions as it should be to ensure the security of the information one possesses.

The data is then stored on various platforms: flash storage for immediate access and other storage (like hard drives or cloud systems) for information that is not required immediately. Not only does this make data available as required without delay, but it also reduces the costs of storage as flash dives are more expensive (but much faster).

The same applies to surveillance data. Sadler says the company’s software is able to make sure video is saved on scalable storage systems that offer performance and the right capacity for the customer’s requirements.

A backup should also restore

Gerhard Fourie
Gerhard Fourie

Commvault is another company that has been in the storage and backup business for years and it has developed solutions aimed at the data governance requirements of enterprise companies. The goal, according to Gerhard Fourie, district channel manager at Commvault, is to allow companies to safely store their data across a variety of media, including cloud if required, but to also know what data they have in an auditable log.

Fourie adds that we don’t have to get too complicated when starting a data management and governance journey. A good starting point is to ensure you always have your data backed up securely. More importantly is to ensure you can restore it accurately, quickly and cost effectively should something go wrong.

He says the key to starting a compliance project is to begin by knowing what you have, whether onsite or in the cloud, and classifying it. This allows you to know what you have and where it is before moving to separating it onto primary and secondary (and other) systems. It’s worth noting that this includes ‘free flowing’ data, such as the information on laptops and mobile devices – which are often the most valuable to businesses as it includes current sales and projects etc.

For these devices, governance will include understanding what the data is and how important it is, and then implementing solutions such as encryption or the ability to locate lost or stolen devices and/or wipe them. Using more intelligence, companies can also make rules that say if a laptop has not connected to the network in a certain time frame it should be wiped.

Data governance and compliance is not an easy task, nor is it cheap. That’s why it has to be driven by regulation as companies will tend to avoid a project of this size and scope if they can. However, having a handle on your data in all formats will also provide more information and benefits to the business that will allow for more intelligent care of customers, including better insights when it comes to upselling. The trick is to make a start at understanding all the information you have stored away somewhere.

This article has been shortened. The full version is available at https://www.securitysa.com/papers/619hss46.pdf



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...
From the editor's desk: Securing your secure access
Technews Publishing News & Events
      Welcome to SMART Security Solutions’ first print publication of the year, the SMART Access & Identity Handbook 2024. In this issue, we cover various issues relevant to this industry, from digital to ...

Read more...
Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
International access manufacturer sets up shop in SA
Technews Publishing Access Control & Identity Management News & Events Products & Solutions
The South African security market can always use some good news, and this year, STid has obliged by formally entering the South African market, setting up its main office in the Boomgate Experience Centre in Roodepoort, Johannesburg.

Read more...
What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

Read more...
Access and identity in 2024
Technews Publishing Gallagher HID Global IDEMIA Ideco Biometrics Enkulu Technologies neaMetrics Editor's Choice Access Control & Identity Management Integrated Solutions
SMART Security Solutions hosted a round table discussion with various players in the access and identity market, to find out what they experienced in the last year, as well as their expectations for 2024.

Read more...
The promise of mobile credentials
Technews Publishing Suprema neaMetrics HID Global Editor's Choice Access Control & Identity Management IoT & Automation
SMART Security Solutions examines the advantages and disadvantages of mobile credentials in a market dominated by cards and fobs, in which biometrics is viewed as a secure alternative.

Read more...
Cloud-based access control systems
Technews Publishing Salto Systems Africa Access Control & Identity Management
Cloud-based access control systems are finding greater acceptance in international organisations than in SA; SMART Security Solutions asked SALTO Systems for its take on the benefits of cloud.

Read more...
From the editor's desk: A sad but exciting goodbye
Technews Publishing News & Events
Welcome to the final monthly issue of SMART Security Solutions. This is the last issue of the year and the last monthly issue we will print. The SMART Security Solutions team wishes all our readers and advertisers a relaxing festive season and a peaceful and prosperous 2024.

Read more...
Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

Read more...