2018 is the year to start loving your data (if you don’t already)

Arun Khehar, senior vice president, SaaS, ECEMEA, Oracle, on why data is the new oil.

Tags: Oracle Corporation
  • E-Mail
2018 is the year to start loving your data (if you don’t already) Khehar: "Governments and lawmakers are increasingly setting and enforcing (data protection) standards."
By  Arun Khehar Published  January 10, 2018

It has long been said that ‘knowledge is power’ but never has that been more pertinent than it is for businesses today. What businesses know is a key differentiator as they seek to get closer to their customers and improve their own business processes through the smarter analysis of data.

Data is an increasingly valuable asset, and those businesses best set up to extract maximum value from the data they collect and create are in a very strong position to succeed. But there are still significant hurdles to overcome, not least related to compliance and security. 

As the value of data has increased so has the scrutiny on how it is collected, stored and used, as well as who has access to it, where and when.

While headline-grabbing data breaches across the globe in all industries have put everybody on notice about the negative impact data breaches can have on enterprises and their customers, there are now additional incentives for organisations to keep their data secure. They should keep it secure because it is valuable and represents the future of their business. They should love their data and should not see keeping it secure as a chore. Every organisation should ensure its processes, its training, and its culture, are focused on recognising and respecting the value of its data. It should also have clear ownership within the organisation, in the shape of a data protection officer (DPO), working alongside a chief information security officer (CISO). 

However, the onus is not just on responsible, forward-looking organisations to determine what constitutes the right level of data protection. Governments and lawmakers are increasingly setting and enforcing the standards. 

In May 2018 the introduction of the EU’s General Data Protection Regulation (GDPR) will be the latest high profile example of new regulation imposed on the way organisations handle and use data, specifically consumer data. And while it is an EU regulation, its impact will be felt by any organisation doing business in the EU.

With companies who do not comply with GDPR facing tough financial penalties of up to 4% of their global turnover, it would be easy to assume all have rallied to ensure compliance. However, 

Gartner has predicted that 50% of companies will miss the GDPR deadline significantly.

Of course, while complying with the letter of specific laws can be a painstaking process, the wider need to continually review, refine and improve on existing compliance and security measures should be hard-wired into the ways of working of every business that handles valuable data. It shouldn’t take new regulations to make a company assess whether it is doing enough to protect its data.

So how do businesses approach the task? At the heart of GDPR is a clear focus on assessment, prevention and detection and those are useful, albeit high-level starting points for every business seeking to protect its data and treat it with respect and responsibility.

Assess: Assessment is crucial. A lot of organisations have grown in a piecemeal fashion, with lines of business working in isolation and introducing their own applications and processes. 

Similarly, some employees may, over time, circumvent rules and policies in ways that make sense to them, but which undermine data protection and compliance. Organisations need to have an accurate picture of the problems they face before they can fix them. 

Prevent: Once organisations know where their data resides and how it is used, they need to be able to set and enforce rules and implement robust defences that prevent unauthorised actions.  This includes protecting against threats inside and outside the organisation, whether accidental or malicious. The next step is taking measures to prevent anybody outside the organisation, or anybody without privileged access, from using sensitive data. 

Encryption is one highly effective tool to accomplish this, as are tokenisation, data masking, anonymization and robust access controls.  Businesses should also review the data they use to understand what controls are best suited to each circumstance. For example, anonymising customer data may have little impact its usefulness for analysing sales trends but does dramatically reduce the sensitivity of that data.

Detect: Vigilance is a vital part of compliance and security best practices. Automation can play a significant role in identifying anomalous behaviour and implementing defensive measures, based on established threat criteria. Systems need to be able to make smart assessments of who is accessing information, as well as when and why, and base responses on pre-agreed threat criteria, such as locking out a user before they are able to access, move or use sensitive data.  

Deadlines such as GDPR do a good job of focusing the mind, but while regulations may seem onerous, businesses should not wait for regulatory encouragement to treat their data as precious. As a sign of their ambition to succeed in a data-driven economy, where knowledge is most definitely power, businesses should love their data enough to want to protect it at all costs.  

If they do, they will have the confidence and capability to really explore the full value of their data. 

Because compliance is the starting point for digital success, not an end in its own right. In a data- driven economy, compliance is a necessity, but it is not a differentiator. How businesses use their data to unlock valuable insights and design new businesses models and better tailor services to their customers will be what sets them apart and what makes them love their data even more.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code