Covid-19 has created challenges for every industry, but how is the shift to remote working endangering company data and what can we do to protect ourselves?
Managing data protection and privacy risks while dealing with responding to the threat posed by Covid-19 is a challenge. It is important not to let this crisis lower your usual data protection standards, since they are no barrier to protecting your employees, customers and third parties. The rights and obligations conferred by data protection law are fundamental.
The virus and its fallout has affected our personal lives, our work hierarchy of needs has been impacted too. Our physical environment has changed – we now log onto work rather than going to work; our security is threatened as our online world is more susceptible to hackers; and our connections to colleagues are now predominantly through a screen.
To keep up our productivity levels we all need fast, safe and easy ways to access our work. Yet even before the pandemic many IT leaders were struggling to meet these demands and implement robust data management.
- Keeping up with the needs of a digital workplace – There’s no doubt, the way we work is changing, rapidly. But one need remains – wherever users are in the world, they all want their systems to work the way they do, in real time. The pandemic has accelerated remote-working programs at scale – 451 Research estimates there are more than 70 million of us working remotely1. And if they’re anything like us, they all expect their critical data to be at their fingertips, wherever and whenever they need it. It’s an on-demand world and tolerance for slow data restores is low.
- Struggling to contain unpredictable hardware costs – Most businesses, particularly large enterprises, have IT estates that have morphed over time. Many are still reliant on legacy systems that are feeling the strain and need onsite support. For many IT teams, it’s a case of simply managing the mess. Frustrated by the limitations (and soaring storage costs) of ageing infrastructure, IT leaders are searching for comprehensive, flexible platforms that give them real-time access and insight to their data.
- Scrabbling to manage complex data – A typical business today stores 10 times more data than a decade ago. In fact, data growth accelerated (reported as a “high watermark” of data sharing in the 2020 published UK government’s national data strategy. Data now exists in more formats than ever before and it is sprawling across a continuously growing number of devices, applications and cloud platforms. Getting full visibility of structured, semi-structured and unstructured data is extremely hard.
- Fighting to make data security a top priority – Cyberattacks spiked in the 2020, many businesses are still failing to take a recovery-first approach. We’ve all seen the headlines of disgraced companies that have been breached, yet many of us blindly believe it won’t happen to us. When a business is breached – the cost is huge. Not just fines and reputational damage – but the internal impact and user frustration of losing access to systems for a period of time.
Morten Illum, EMEA Vice President at Aruba, a Hewlett Packard Enterprise company, identifies the three key building blocks of managing data at the edge.
It is now critical that organisations understand the data they process and own, have systems that allow decision-makers to derive insight and are able to do so in a way that is both secure and compliant.
As the economic impact of coronavirus starts to come into clearer focus around the world, business leaders are starting to ask – what do we know about changing customer demands, the economic context and our business efficiency? And what are we going to do next?
In this context, data-related questions that companies have been asking IT for years have taken on a new level of significance. As they battle to bounce back, it is more critical than ever that organisations understand the data they process and own (particularly as it moves towards the edge of the network), have systems that allow decision-makers to derive insight from that data, and are able to do so in a way that is both secure and compliant.
Unfortunately, if Aruba’s latest report ‘Data to Decisions: A Rulebook to Unlock the Power of your Data’, is anything to go by most companies haven’t made as much progress in these matters as they would like. Featuring survey results from over 170 IT decision makers and network engineers in EMEA, the report examines the current state of data decision-making within organisations, and outlines a series of key steps for any organisation looking to unlock the power of data to help them make better decisions now and in the future.
So what did the report find? And what does this mean for organisations struggling to answer today’s data-related questions? Here are three of the key steps:
Rationalise: 51% of respondents identified as not being able to look at data holistically as one of their top three data challenges.
Despite the importance of data to almost every organisation, for many there is still a basic issue around understanding what data they hold and how they can use it. Addressing this problem must be the starting point for all businesses trying to get a hold of their data assets, and that means coming up with a clear and consistent plan for how data should be managed in the first place.
IT decision makers need to have a complete understanding of what data their organisation has, who is responsible for it and what the protocols around it are. There needs to be a data rulebook with clear ownership and responsibilities as well as a governance group that reports to the top.
Having interesting data is one thing, but the value it creates is closely correlated to how well organisations can rationalise and organise what they hold. Without having the basic processes in place, they’ll soon run into trouble.
Organise: 40% of respondents said one of their main challenges was the network being able to manage the increased pressure.
More and more companies are trying to bring in data-reliant technologies such as AI and automation to propel their businesses into the future. And yet these transformative technologies cannot be powered by a legacy tech stack.
So while AI application is a priority for many CEOs, some are trying to run before their networks can walk. Before they can get anywhere near the data insights such technologies promise, companies must take a step back and sort out their network infrastructure so it can cope with what is being thrown at it now – and in the future.
To do this they will need to give up the illusion of control and accept that there will continue to be a lot of unknowns in their data future. Instead, the priority is being nimble and ensuring that they have a system that can scale and adapt as their data needs evolve.
Supervise: 28% of respondents said that employees failing to comply with data policies was their biggest concern about the explosion of data.
Perhaps the most essential of all the steps is the supervision of data within an organisation that assigns ownership and access and ensures security and compliance. Hand-in-hand with the business opportunities that arise from data are the threats, problems and costs that come from failing to safely manage it.
The current pandemic makes this even more prevalent, as home working becomes the new norm. People are often the weakest link in any organisation, so organisations must train their people to pay attention to their digital habits outside the office. Here, scenario-based training has been proven as an effective way to demonstrate the different kinds of threats in a memorable way.
But security planning shouldn’t just be about prevention. Despite clear usage policies, robust systems and training, businesses need to work on the assumption that some attacks will succeed. In which case they will need to prepare a solid contingency plan along with a set of defined steps for communicating with customers and the OpSec community.
Despite some of our topline findings, there has been significant progress in recent years in how data is stored, processed and used within organisations. Many now acknowledge data as critical to optimising their business model, understanding their customers and accessing new technological opportunities. They are making commensurate investments in data skills, systems and security.
But there is still some way to go – and more steps to follow. Skills need to be enhanced across organisations and knowledge deepened in boardrooms. Priorities need to be more clearly targeted. Networks must be designed with edge capabilities and future scalability to the fore.
And there can be no let-up in pursuit of enhanced security and compliance.
Commentary: Jacob Chacko Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba
According to Trend Micro research, more than half (52%) of global remote workers have IoT devices connected to their home network, and at least 10% are using lesser-known brands. With many such devices – especially from smaller brands – having well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins, the security implications of your corporate devices now being connected to the same network and vice versa are significant.
While I am certainly not casting any aspersions on this specific crop of CES gadgets, as the lines between work and home networks continue to blur smart home devices and their apps could represent a major weak link in corporate cybersecurity chains.
So with home working likely to remain standard practice even after the vaccine rolls out, how can you ensure your business is secure no matter where, how and what employees connect to it? And perhaps more importantly, how can you do so in a way that protects employee productivity versus simply locking them out?
The way I see it, securing the new hybrid workplace is essential.
Commentary: Ammar Enaya, Regional Director, Middle East, Turkey and North Africa (METNA) at Vectra
Despite a growing appetite for public cloud in the Middle East, and major players including Microsoft, Amazon Web Services, Oracle, IBM, Alibaba and SAP establishing regional data centres, several organisations — especially in government, defence, finance and critical infrastructure — have opted to maintain mission-critical workloads in private data centres.
The decision to keep certain business-critical workloads on-prem is even pronounced when it comes to cybersecurity as regulatory and compliance frameworks can also add a layer of complexity. However, with digital forensics playing such an important role in effective threat mitigation, there is a need for an effective alternative to cloud based offerings.
In recent months, it has been proven that exposing existing security gaps, including hidden attackers within an organisation’s network, is critical for maintaining a healthy security posture. To empower security teams with the time and tools to properly conduct a proactive investigation, a data record and breakdown of network traffic is invaluable.
To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922