Where are your crown jewels?

June 2019 Commercial (Industry), Cyber Security, Security Services & Risk Management

We have all heard of the missing sock theories and conspiracies. We know for a fact that it went into the washing machine, but it has suddenly vanished. It has to be somewhere, but where? Such a minor occurrence can be irritating, so imagine extrapolating that scenario into the business world where no one knows the whereabouts and details of huge amounts of personal data.

Craig Rosewarne
Craig Rosewarne

Consider our humble sock (data) being part of a whole bundle of washing delivered to the laundromat. Once delivery has taken place, who assumes accountability for the whole load? Ultimately it has to be the owner of the business, the data owner. Other workers may take care of different parts (pants, shirts, dry cleaning, etc.) and they take on the roles of data stewards.

Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the EU’s General Data Privacy Regulation (GDPR) and our country’s Protection of Personal Information Act (PoPIA). Historically, companies have invested in various technologies to create an inventory of their physical assets (servers, PCs, etc.) but fell behind in the latest methods to find, map and inventory their data assets.

In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way. The PoPIA legislation basically considers your personal information to be ‘precious goods’ (content granularity) and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control over ownership, processing, consent, reasons, purpose, access, removal, safeguarding and accuracy (See https://www.workpool.co/featured/popi for more information).

What are the basics needed to set-up a data registry?

Create an inclusive list of what data is kept, where and why. Creating an enormous data warehouse will be simply muddying already muddy waters. Continuously backing up huge amounts of duplicated data will severely hurt your storage capabilities and add to costs. It is far more simplistic, realistic and cost effective to create the registry in an index-like map focusing on five functionality and operational characteristics:

1. Content granularity: As discussed above.

2. Usage context: This requires operational, technical and business knowledge, such as who can access this data, what applications are consuming the data, what third-parties have access to the data, what is the purpose for collecting this data and does the organisation have adequate consent to collect and process the data.

3. Data source coverage: Organisations need to create a process that covers both unstructured file shares and structured databases, big data, cloud, NoSQL, logs, mail, messaging, applications and more.

4. Ability to scale: Organisations gather and analyse tens, if not hundreds of petabytes of data. A petabyte of data is the equivalent of one million gigabytes. With increasing pressure to extract more value from data, this number is only increasing. A modern data registry not only needs to deliver an efficient index of data along with associated usage, but it must do so in a way that is scalable for a global enterprise.

Dynamic not static: Once a data registry is established, it is not the time to rest on your laurels. It must be anticipated that it could be moved or changed on a regular basis. The register should also have the ability to self-update and be compatible to any changes in as near-time as possible to provide a clear accurate picture of what data is kept where, when and who it belongs to. (See more at https://www.helpnetsecurity.com/2019/04/19/modern-data-registry/)

Enhancing the above ‘Data Governance 101’ will entail a further feature on its own. In summary, the crucial question is why this issue has become so vital to running a successful business. In the not too recent past, most companies, firms, practices and individuals had major problems in handling clients’ personal information. Remember filing cabinets groaning and bursting at the seams, personal files tattered and torn, document rooms with a rudimentary filing system that only allowed certain people with certain knowledge access?

Libraries on the other hand were (and still are) models of data governance. An experienced librarian could access the reading matter you needed in minutes thanks to the excellent Dewey Decimal Classification System. A brief no brainer would be the following benefits:

• Data sharing: Many people in a company work on the same project and easily finding a file you need and sharing it will be a load off your shoulders.

• Reusing data: Most documents can be sanitised and reused for many different projects with the minimal insertion of personal information and branding. It also helps eliminate unnecessary exchange of different versions of the same document.

• Analysing data: Management decisions rely on the analysis of data at hand to judge the direction a company is heading in. This is particularly the case in fast growing small businesses who can be caught short if the wrong choices are made.

• Backing up data: Speaks for itself. The damage a crashed hard drive can cause can be mitigated by data governance and simplified backups of data.

For more information contact Wolfpack Information Risk, +27 11 794 7322, info@wolfpackrisk.com, www.wolfpackrisk.com<a?


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Changing of the guard, AI style
June 2019, Active Track, Technews Publishing , Integrated Solutions, Security Services & Risk Management
Active Track is launching a raft of new AI-based products and services with which it intends to turn the security world as we know it on its head.

Foresight means secure offices
June 2019, Bosch Building Technologies , Commercial (Industry), CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management
If you’re responsible for a medium or large-sized office, it’s more important than ever that you have access to a means of ensuring people’s safety, managing risks and fraud, and protecting property.

Axis 7th generation ARTPEC chip
June 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
Axis has launched its 7th generation ARTPEC chip, optimised for network video, to improve all the signature Axis technologies created to address difficult light conditions.

Does green cost more?
June 2019 , News, Commercial (Industry)
GBCA, ASAQS and UP launch the 2019 edition of Green Building in South Africa: Guide to Costs & Trends.

Partnership to reduce farm violence and agricultural crime
June 2019, Fidelity ADT Security , News, Security Services & Risk Management, Agriculture (Industry)
Agri SA has partnered with Fidelity ADT, a subsidiary of the Fidelity Services Group, to offer a range of services and products to its members and the rural community.

Password awareness critical
June 2019, Kaspersky Lab , Cyber Security, Security Services & Risk Management
A recent study revealed that digital identity data and information holds significant value to cybercriminals – who craft ways of gaining this data and exploit it on the dark Web for as little as $50.

Focus on tenant safety
June 2019, Bosch Building Technologies , Fire & Safety, Commercial (Industry)
Bosch equips office buildings of Citibank Plaza and W City Centre in Manila with networked safety solution.

Kaspersky Lab to open office in Kigali, Rwanda
June 2019, Kaspersky Lab , News, Cyber Security
Kaspersky Lab has announced plans to open a new office in Kigali, Rwanda, to support the rapid growth of its business in East Africa.

Fully automated cash logistics
June 2019 , News, Security Services & Risk Management
Cash management company, Izicash, announced its adoption of Transtrack, a software solution, supported by a South African company, AllCash, which streamlines the cash logistics process.

Throwing the book at qualification fraud
June 2019, LexisNexis , News, Security Services & Risk Management
Until now, qualification fraud has not been punishable by law. However, this is set to change with the introduction of the National Qualifications Amendment Bill.