KYD: Know Your Data

June 2019 IT infrastructure, Security Services & Risk Management

It’s no secret that the amount of data in the world is constantly growing and it is becoming increasingly difficult to manage it all. In the security industry there are various solutions offered by vendors that allow one to quickly sift through data and (hopefully) find what you’re looking for.

While the data collected by functions such as access control, intrusion and perimeter solutions are not that large, as more security functions are being integrated with video surveillance, either through video verification or collecting data streams from a number of cameras, the data involved is becoming more problematic.

Solving the problem is not a matter of simply adding more storage. With legislation such as PoPIA and the EU’s GDPR, among other regulations and best governance and compliance practices, organisations need to know what information they have, why they collected it, and they need to adhere to regulations about how long they can or must keep it before deleting it.

This makes things more complicated. And while large enterprises are the ones with the biggest challenge, the same laws apply to smaller companies. If you have five cameras and some form of visitor management at the gate, there are rules about what information you can collect and store, as well as how you store it. The PoPIA legislation, for example, will allow individuals to ask you for all the personal information about them you have stored. If you can’t tell them or try to chase them away, there could be legal implications.

Fortunately, PoPIA seems to be taking a very long time to get all the components in place so there is still time to prepare. GDPR is already in place and although this is a piece of EU legislation, some local companies have already found themselves in trouble because of poor data management.

Data governance is not simply a matter of having a big data store that you index. This is, of course an option, but it will turn out to be an expensive and perhaps unwieldy. In addition, all companies have data with personal or sensitive information stored on paper, from printouts to faxes and perhaps even handwritten notes. And then there’s the issue of continually collecting new data, which nobody seems to be able to avoid.

Ideally, organisations would be able to store data they use on a daily basis on fast storage systems that make it available to the relevant people almost immediately, while older data and information that is only accessed occasionally can be stored elsewhere on slower media or in the cloud.

Hayden Sadler
Hayden Sadler

This type of solution is what Infinidat supplies in its ‘Elastic Data Fabric’ vision. Hayden Sadler, country manager for Infinidat SA explains that this is a software-defined storage solution, which includes onsite, cloud and hybrid storage as best fits the client.

Classification and sorting

Part of the solution is helping companies know what data it has and classifying it into various categories, with some information being needed immediately for the running of the business, while other data would only be needed infrequently, or may be stored for legal purposes – and it will need to be deleted after a time.

Infinidat uses machine learning to sift through these various categories to ensure the information required is always at hand. Of course, encryption is also standard from Infinidat solutions as it should be to ensure the security of the information one possesses.

The data is then stored on various platforms: flash storage for immediate access and other storage (like hard drives or cloud systems) for information that is not required immediately. Not only does this make data available as required without delay, but it also reduces the costs of storage as flash dives are more expensive (but much faster).

The same applies to surveillance data. Sadler says the company’s software is able to make sure video is saved on scalable storage systems that offer performance and the right capacity for the customer’s requirements.

A backup should also restore

Gerhard Fourie
Gerhard Fourie

Commvault is another company that has been in the storage and backup business for years and it has developed solutions aimed at the data governance requirements of enterprise companies. The goal, according to Gerhard Fourie, district channel manager at Commvault, is to allow companies to safely store their data across a variety of media, including cloud if required, but to also know what data they have in an auditable log.

Fourie adds that we don’t have to get too complicated when starting a data management and governance journey. A good starting point is to ensure you always have your data backed up securely. More importantly is to ensure you can restore it accurately, quickly and cost effectively should something go wrong.

He says the key to starting a compliance project is to begin by knowing what you have, whether onsite or in the cloud, and classifying it. This allows you to know what you have and where it is before moving to separating it onto primary and secondary (and other) systems. It’s worth noting that this includes ‘free flowing’ data, such as the information on laptops and mobile devices – which are often the most valuable to businesses as it includes current sales and projects etc.

For these devices, governance will include understanding what the data is and how important it is, and then implementing solutions such as encryption or the ability to locate lost or stolen devices and/or wipe them. Using more intelligence, companies can also make rules that say if a laptop has not connected to the network in a certain time frame it should be wiped.

Data governance and compliance is not an easy task, nor is it cheap. That’s why it has to be driven by regulation as companies will tend to avoid a project of this size and scope if they can. However, having a handle on your data in all formats will also provide more information and benefits to the business that will allow for more intelligent care of customers, including better insights when it comes to upselling. The trick is to make a start at understanding all the information you have stored away somewhere.

This article has been shortened. The full version is available at https://www.securitysa.com/papers/619hss46.pdf


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
From the editor's desk: Of sore feet and new websites
June 2019, Technews Publishing , News
I hope everyone has recovered from the hustle and bustle of Securex. This year was once again an exhausting event and now we’re left with following up. For Hi-Tech Security Solutions it was a good show ...

Read more...
iLegal 2019
June 2019, Technews Publishing , Calendar of Events
Johannesburg, South Africa    12 September 2019 iLegal, hosted by Dr Craig Donald and Hi-Tech Security Solutions, returns in 2019 with another full-day event covering insights and advice into a range of ...

Read more...
Where are your crown jewels?
June 2019, Wolfpack Information Risk , Commercial (Industry), Cyber Security, Security Services & Risk Management
Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the GDPR and our PoPIA.

Read more...
Changing of the guard, AI style
June 2019, Active Track, Technews Publishing , Integrated Solutions, Security Services & Risk Management
Active Track is launching a raft of new AI-based products and services with which it intends to turn the security world as we know it on its head.

Read more...
A platform to the future
June 2019, Genetec, Cathexis Technologies, Milestone Systems, Gijima Electronic and Security Systems (GESS) , Integrated Solutions, CCTV, Surveillance & Remote Monitoring, IT infrastructure
With AI, IoT and cloud changing the security technology landscape, will your security management platform be able to adapt to new demands?

Read more...
Managing visitors effectively and responsibly
June 2019, Powell Tronics, IDEMIA , Vox Telecom, Technews Publishing , Access Control & Identity Management
Managing access for visitors has always been something of a balancing act between keeping unwanted people out, and letting authorised people in. Particularly in a business environment, it is also crucial to make guests feel welcome and safe.

Read more...
Hyper-converged simplicity
June 2019 , IT infrastructure, CCTV, Surveillance & Remote Monitoring
Hyper-converged infrastructure combines all of the data centre’s critical components, such as storage, networking, compute, backup and more into pre-packaged units.

Read more...
Partnership to reduce farm violence and agricultural crime
June 2019, Fidelity ADT Security , News, Security Services & Risk Management, Agriculture (Industry)
Agri SA has partnered with Fidelity ADT, a subsidiary of the Fidelity Services Group, to offer a range of services and products to its members and the rural community.

Read more...
Password awareness critical
June 2019, Kaspersky Lab , Cyber Security, Security Services & Risk Management
A recent study revealed that digital identity data and information holds significant value to cybercriminals – who craft ways of gaining this data and exploit it on the dark Web for as little as $50.

Read more...