Preparing your data for PoPI

September 2019 IT infrastructure, Security Services & Risk Management

Now is the time for companies to ensure their data is compliant with the Protection of Personal Information (PoPI) Act. Although, South African businesses have been slow on the uptake when preparing for PoPI, intelligent data management can greatly simplify this mammoth task. Wavering is no longer an option and despite the lengthy process to publish the final regulations, the next step is to establish a deadline. Thereafter, organisations will have a grace period of only one year to comply and avoid heavy fines of up to 10 million rand and other dire consequences such as imprisonment (https://www.popiact-compliance.co.za/popia-information/16-offences-penalties-and-administrative-fines).

The first step - data encryption

When it comes to protecting any information, the way data is secured across the value chain needs to be addressed first and foremost. Encryption is the gold standard for ensuring adequate protection, and while many businesses currently encrypt their data at the storage layer, this is simply no longer enough. A data breach may occur at any point, including internally and while data is in transit. Organisations will be in breach of PoPI if they cannot prove this data is protected.

The General Data Protection Regulation (GDPR) is the European equivalent of PoPI and must be adhered to by all South African companies who do business with companies based in the European Union (EU). However, GDPR enforces similar, if not stricter standards to PoPI. For example, GDPR states that if data is encrypted, in the event of a breach and data theft, compliance is still maintained, and this is not necessarily mentioned in the PoPI Act. Moreover, data must also be encrypted at rest and in transit. As a result, data needs to be encrypted end-to-end, from the storage layer right through the database to the application layer, to ensure GDPR compliance and this will in turn, guarantee PoPI compliance.

The implications of encryption on storage costs

The challenge of end-to-end encryption with data residing on certain storage media is that it can result in storage costs spiralling out of control. This is due to the fact that many of these solutions rely on data reduction such as deduplication and compression to keep storage costs down. However, these techniques cannot be used on encrypted data.

Encrypted data can result in data storage becoming between three and five times more expensive, which can have a significant impact on any businesses total cost of ownership (TCO). In addition, it can negatively affect storage performance, with a knock-on effect to the performance of the business as a whole. It is essential to implement an intelligent storage solution that will prevent this increase in cost and decrease in performance as the amount of encrypted data grows.

An intelligent solution, an intelligent choice

Storage must address three key areas, namely capacity, cost and performance. The typical way of addressing performance challenges is to utilise all-flash arrays (AFAs). However, this is very expensive and therefore achieving high capacity is costly, especially when end-to-end encryption is required since data reduction does not work with here.

Conversely, intelligent software-based solutions can address all three of these areas, using commodity hardware to control cost and increase capacity while delivering high performance. This enables end-to-end encryption to be cost effectively implemented for optimum data protection and compliance. So, is an intelligent software storage solution the answer to PoPI compliance?


Hayden Sadler

The long and short of it

If data is encrypted end-to-end, PoPI (and the GDPR) compliance is maintained, even in the event of a data breach. This means you will not be fined, your reputation will remain intact, and any negative impact resulting from a breach can be mitigated and contained. A proper encryption strategy and intelligent software-based solution eliminates the risk of sensitive data being compromised as well as the risk of a PoPI-related penalty. If you are not prepared for PoPI, the time to start is now, or face the repercussions of non-compliance that could cripple your business.

For more information, contact INFINIDAT, Sapna Capoor, scapoor@infinidat.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Accelerating global IoT deployment
October 2019 , IT infrastructure
Upcoming suite of Eseye products will deliver global IoT connectivity with near 100% coverage, automated onboarding and data provision into AWS IoT Core.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Digitising Maslow’s Hierarchy of Needs
October 2019 , Integrated Solutions, IT infrastructure
Mobile technology has the potential to change how Africa approaches patient and healthcare, says Phathizwe Malinga, managing director, SqwidNet.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Edge computing ? drivers and benefits
September 2019 , IT infrastructure
Edge computing brings bandwidth-intensive content and latency-sensitive applications closer to the user or data source.

Read more...
Advanced connectivity enables fast and flexible networks
September 2019, Ruckus Networks , IT infrastructure
Advanced networking is the unsung hero of our digital future, offering a continuum of connectivity that can drive the development of new products and services and transform operating models.

Read more...
A platform approach to innovation and value
CCTV Handbook 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
Moving to the platform model of doing business holds tremendous advantages for end users and smaller developers, but also for the whole technology supply chain.

Read more...