KYD: Know Your Data

June 2019 Infrastructure, Security Services & Risk Management

It’s no secret that the amount of data in the world is constantly growing and it is becoming increasingly difficult to manage it all. In the security industry there are various solutions offered by vendors that allow one to quickly sift through data and (hopefully) find what you’re looking for.

While the data collected by functions such as access control, intrusion and perimeter solutions are not that large, as more security functions are being integrated with video surveillance, either through video verification or collecting data streams from a number of cameras, the data involved is becoming more problematic.

Solving the problem is not a matter of simply adding more storage. With legislation such as PoPIA and the EU’s GDPR, among other regulations and best governance and compliance practices, organisations need to know what information they have, why they collected it, and they need to adhere to regulations about how long they can or must keep it before deleting it.

This makes things more complicated. And while large enterprises are the ones with the biggest challenge, the same laws apply to smaller companies. If you have five cameras and some form of visitor management at the gate, there are rules about what information you can collect and store, as well as how you store it. The PoPIA legislation, for example, will allow individuals to ask you for all the personal information about them you have stored. If you can’t tell them or try to chase them away, there could be legal implications.

Fortunately, PoPIA seems to be taking a very long time to get all the components in place so there is still time to prepare. GDPR is already in place and although this is a piece of EU legislation, some local companies have already found themselves in trouble because of poor data management.

Data governance is not simply a matter of having a big data store that you index. This is, of course an option, but it will turn out to be an expensive and perhaps unwieldy. In addition, all companies have data with personal or sensitive information stored on paper, from printouts to faxes and perhaps even handwritten notes. And then there’s the issue of continually collecting new data, which nobody seems to be able to avoid.

Ideally, organisations would be able to store data they use on a daily basis on fast storage systems that make it available to the relevant people almost immediately, while older data and information that is only accessed occasionally can be stored elsewhere on slower media or in the cloud.

Hayden Sadler
Hayden Sadler

This type of solution is what Infinidat supplies in its ‘Elastic Data Fabric’ vision. Hayden Sadler, country manager for Infinidat SA explains that this is a software-defined storage solution, which includes onsite, cloud and hybrid storage as best fits the client.

Classification and sorting

Part of the solution is helping companies know what data it has and classifying it into various categories, with some information being needed immediately for the running of the business, while other data would only be needed infrequently, or may be stored for legal purposes – and it will need to be deleted after a time.

Infinidat uses machine learning to sift through these various categories to ensure the information required is always at hand. Of course, encryption is also standard from Infinidat solutions as it should be to ensure the security of the information one possesses.

The data is then stored on various platforms: flash storage for immediate access and other storage (like hard drives or cloud systems) for information that is not required immediately. Not only does this make data available as required without delay, but it also reduces the costs of storage as flash dives are more expensive (but much faster).

The same applies to surveillance data. Sadler says the company’s software is able to make sure video is saved on scalable storage systems that offer performance and the right capacity for the customer’s requirements.

A backup should also restore

Gerhard Fourie
Gerhard Fourie

Commvault is another company that has been in the storage and backup business for years and it has developed solutions aimed at the data governance requirements of enterprise companies. The goal, according to Gerhard Fourie, district channel manager at Commvault, is to allow companies to safely store their data across a variety of media, including cloud if required, but to also know what data they have in an auditable log.

Fourie adds that we don’t have to get too complicated when starting a data management and governance journey. A good starting point is to ensure you always have your data backed up securely. More importantly is to ensure you can restore it accurately, quickly and cost effectively should something go wrong.

He says the key to starting a compliance project is to begin by knowing what you have, whether onsite or in the cloud, and classifying it. This allows you to know what you have and where it is before moving to separating it onto primary and secondary (and other) systems. It’s worth noting that this includes ‘free flowing’ data, such as the information on laptops and mobile devices – which are often the most valuable to businesses as it includes current sales and projects etc.

For these devices, governance will include understanding what the data is and how important it is, and then implementing solutions such as encryption or the ability to locate lost or stolen devices and/or wipe them. Using more intelligence, companies can also make rules that say if a laptop has not connected to the network in a certain time frame it should be wiped.

Data governance and compliance is not an easy task, nor is it cheap. That’s why it has to be driven by regulation as companies will tend to avoid a project of this size and scope if they can. However, having a handle on your data in all formats will also provide more information and benefits to the business that will allow for more intelligent care of customers, including better insights when it comes to upselling. The trick is to make a start at understanding all the information you have stored away somewhere.

This article has been shortened. The full version is available at https://www.securitysa.com/papers/619hss46.pdf



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

Read more...
New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...
SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Read more...
Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Read more...
Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...