In today’s business environment, being able to effectively manage and protect electronic data is crucial if organizations want to minimize their exposure to risk. However, as enterprise data continues to grow exponentially, this is proving increasingly hard to manage. The resulting proliferation of fragmented, siloed data stores challenges businesses to maintain an overview of what data they have, and many are therefore failing to leverage it effectively.
To add to the complexity, two significant risk factors have recently emerged that are having a profound effect on data management systems – firstly the growing need for protection against ransomware, and secondly, the need for GDPR compliance for any organization with customers in the European Union. Although both are challenging to address, we recommend that businesses should take the opportunity to improve their systems overall.
Companies should try to avoid implementing piecemeal solutions, which simply add to the complexity of their data management systems, and instead make smart technology investments to overhaul their systems, creating modern data environments that generate new business value.
The new data management drivers: GDPR and ransomware attacks
Increasingly frequent news headlines show that ransomware attacks are on the increase. The number of large, high profile enterprises that have fallen victim demonstrates that no business is safe. The cost of these attacks is significantly worse than just data loss. At best, cleanup costs can make a serious dent in the bottom line – and in some cases, have reportedly cost hundreds of millions of dollars. While stepping up staff training and deploying network analysis will help reduce exposure to this risk, ultimately the only solution is to restore data from a well-protected online or non-erasable offline backup location.
Meanwhile, the deadline for compliance with the EU’s General Data Protection Regulation (GDPR) looms ever closer. Businesses holding any personal data of residents of the European Union need to ensure that access to this data and its use are restricted by the time the regulation comes into force in May next year. GDPR requires organizations to ensure that they have established the right processes for how data is accessed and used – and that these are embedded across the entire business – for example by adopting a ‘privacy by design’ approach where privacy is the default, and not an optional extra. The consequences of failure are some potentially hefty fines.
Turning risk to advantage
The starting point to mitigating both the risk of ransomware attack and falling foul of GDPR regulations is to gain a clear understanding of the true nature of a business’ data processes and infrastructure. Only when you have this, any organization can hope to address shortfalls strategically. For example, any GDPR compliance project should start with a detailed information audit that maps an organization’s data flows, including access rights and procedures to detect, report and investigate possible breaches and misuse. Clarifying the location and movement of data is in fact just good data management – and mapping its flow in this way will soon highlight opportunities for leveraging it in other business processes. After all, with today’s powerful analytics solutions, all data can be valuable, although it may not always be obvious at first. An effective approach to data management will also identify data held in siloes, and valuable ‘dark data’ that is not being used, and any that is not cleaned or secured. The bottom line is that fixing these issues, for GDPR compliance or not, results in data that is easier to find and leverage – and this results in better informed business insights.
A systems assessment is equally important, and helps identify whether a business is fit to withstand a ransomware attack. It is crucial to know whether, if infected, a virus can reach backups and how quickly systems can be restored after the virus has been eliminated. While you are trying to counter a ransomware attack is not the time to start looking up this sort of information! Deploying additional defenses brings further benefits – for example the data recovery systems that are needed after a ransomware attack will require protected backup systems as the final line of defense. If this is something that drives organizations to make it easier to restore damaged systems, then it’s a major benefit, not only in case of application or systems failures, but also for any users who manage to inadvertently delete important files.
No business can ignore the threat of ransomware and those dealing with European contacts cannot avoid GDPR compliance. But businesses that use these challenges as a catalyst have the opportunity not only to reduce the risks they face, but also to move to a modern, compliant and all-embracing data protection platform that delivers additional benefits.
But it’s not just about implementing technology. Developing new data management and governance capabilities requires organizations to implement operational and cultural changes. Planning this can be a daunting task, so we recommend working with a trusted advisor who can offer the hardware, software and support skills required, in addition to being able to outline the processes and cultural changes that will need to be addressed.
For more information on how to turn the challenges of ransomware protection and GDPR compliance into an opportunity, read the Inside Track document drafted for Fujitsu by independent research firm Freeform Dynamics here.