How you can get more value from your data through discovery, intelligence and automation.
It’s time to go beyond GDPR. In the lead up to May 25th when the new EU regulation came into force, millions of emails appeared in inboxes to alert people that their right to data protection had just been strengthened. Every organization offering goods and services in the EU had to update its privacy policies and controls. There was a frenzy of activity. And then it all slowed down.
It would be tempting to think that you could stop thinking about GDPR but that’s far from the truth. Four months on, and statutory authorities are reporting a surge in complaints and breach notifications. The true extent of which, is still to be seen.
What is clear is that there has been an increased awareness around data protection and data subject rights. Not just amongst companies and individuals, but also the media as high-profile breaches are regularly front-page news.
How do you stop becoming yet another statistic or headline?
Well, firstly, you need to be proactive. Changes in data protection legislation are a wake-up call that’s driving organizations to digitally transform how they manage, store, access and utilize data. Not just in the EU, but across the globe as most nations look to bring their regulations up to a similar standard.
Customers are using these legislative changes as a catalyst for a total house-cleaning exercise to identify what data they have, where it is, what it’s for, and whether it’s still relevant. It sounds easy, but in reality, it’s proving to be quite a challenge.
I’ve talked to customers who are surprised at just how complex and labyrinthine their data landscape is, particularly in terms of unstructured datasets. A previous blog by James Kuhlke highlighted that only 14% of the average organization’s data could be classified as business critical or clean. The rest was either ROT (32%) – redundant, obsolete, or transient – or dark data that is unclassified (54%). Data has accumulated over time and has not been managed effectively, dealing with data deluge is a classic challenge.
Storing that volume of data costs money and does not yield any value. It’s not good for business and there is an increased likelihood of infringements and reputation damage should it be compromised. That insight is crucial to establishing the extent of the risk. But it’s not just about understanding the data, it’s also important to understand the vulnerabilities associated with the underpinning infrastructure due to the rise in shadow-IT and non-authorized applications across all endpoints.
Whilst most of our customers are taking precautions to enhance their external defenses, data leakages and data losses can also incur from inside the organization. For example; downloading, printing or emailing sensitive and confidential information. This is usually attributed to a lack of enforced policies on access, sharing, storage, and retention, as well as a lack of user awareness on the implications of circumventing such policies, whether deliberate or accidental.
It’s only when you understand the true extent of the risk that you can take appropriate action to reduce the probability and impact. So how do you do that? Whilst it’s tempting to say that the answer is to simply increase the level of security and protection, we know this is only part of the solution.
Security alone cannot prevent a breach.
At Fujitsu, we combine business and technical consulting with toolsets and managed services to deliver smarter data protection services using technology as an enabler. We use advanced analytics, machine learning, and automation to help you deliver optimized and exemplary data governance.
We do that by grouping our services into three core areas focusing on: locating data, managing data and protecting data. It’s important to look at these holistically to design strategies and solutions in a logical way.
With our advanced discovery services, we are ‘lifting the lid’ and helping customers to gain true insights on their data and infrastructure to determine whether policies and processes are working as they should. This means analyzing what applications and data are deployed and assessing how vulnerable they are. Threat intelligence techniques determine how vulnerabilities could be exploited or even if they’re being exploited right now! Often malware can lie dormant for quite some time.
Should a breach occur, it’s not only imperative to react quickly and efficiently but it’s also necessary to establish whether there is a high risk to data subjects. The impact can be reduced significantly by not only removing redundant, obsolete and duplicated data but taking steps to de-identify the data to such an extent that individuals cannot easily be identified or re-identified following a breach, thus lowering the economic impact of a data breach.
So, that’s why we’re investing in new technologies to automate the risk assessment process by determining how easy it is to identify an individual from the data. This utilizes sophisticated algorithms that search for combinations of personal attributes to not only establish the level of identifiable data but quantify the likely economic value of the data should it be breached.
These insights can be utilized to drive a set of defined principles and solutions combining people, process and technology. This includes refining, monitoring and proactively adapting policies to counteract the growing threat. It’s also a brilliant opportunity to truly understand how data can be utilized to achieve efficiencies, drive innovation, improve security and build trust.
Going beyond GDPR
It’s time to go beyond thinking merely of conformity to legislation like GDPR and start looking at data governance in terms of being a fundamental element of the digital transformation journey and the business advantages this entails. This is not a one-off exercise; data needs to be continuously managed, optimized and sufficiently protected in line with emerging risks, and to reflect changes in legislation and standards.
Savvy organizations are designing privacy into their DNA by ensuring that they can make the most of the data they already have, and the data they’ll continue to collect in the future.
Look at our comprehensive range of enhanced data protection tools, products and services right here and speak to us about how we can identify the insights needed to reduce the probability that you will become the next big headline!