As we look to the future, our reliance on data is only going to increase. Technologies such as IoT, AI, robotics, and virtual reality are going to fundamentally change the way we work and live. The next generation of applications and the technologies they are built on rely a lot of data that will need to be protected, not only from unauthorized disclosure but from tampering to preserve the integrity of data systems. The more critical the task, the more critical it is that the data be of high quality.
Recently, I did a webinar titled, “Creating Trust in the Age of Data Driven Business” with Neil McGovern, Senior Director of Marketing, at SAP America, Inc. The discussion was an apt one for our data-driven economy and even more relevant as we look to the future and the next generation of applications and workloads.
Some key aspects of the discussion included the need for cataloging, governance, and risk management in protecting the data for next-gen apps.
Cataloging is an essential first step to understand and secure data. Cataloging, also known as data mapping or data inventorying, identifies what data the organization has and where it is stored. Data cannot be secured until a company knows what it has and where it lives. This used to be a relatively straightforward procedure when company data was stored in a centralized data repository, but the modern business has data in many places. Data may reside on end-user machines, servers, or on a host of cloud services.
The next step is governance. The company needs to set its expectations for how data is to be handled. This is especially crucial in regulated industries such as healthcare under HIPAA or those working with Europeans under GDPR.
Companies will need to establish a robust set of policies that clearly outline how the data will be handled and then communicate this to employees and customers so that customers can provide consent and employees understand how to utilize the data properly. Technical controls and mechanisms can be used to enforce policy, where applicable.
Another major component of protecting data for next-gen apps is risk management. There are many technologies and frameworks available that offer to secure data. Security budgets are limited so companies can use a risk-based approach to identify the best way to protect data within a limited budget. The risk-based approach assesses how data confidentiality, integrity, or availability could be compromised, and then determines the likelihood of this occurring and the impact if it did occur.
The next step is to determine a risk tolerance level – how much risk the company is willing to take on. Armed with a risk tolerance level and the risk assessment results, decision makers can choose to mitigate the risk by implementing controls, avoid the risk by changing a process, not collecting data, or deleting unnecessary data, transfer the risk to another party, or they may choose to accept the risk because it falls beneath the organizational risk tolerance level.
These three tips will help, but I encourage you to watch the entire webinar to learn how to create trust in the age of data driven business. Technology is entrenched in our lives, and we are already quite dependent upon data. This will only increase as our use of technology increases and becomes more integrated and personal in our lives. It is important to build frameworks that can protect data today and grow as workloads and applications evolve.