close
close

What are the best practices for data integrity, data privacy, data security and data governance? – Intelligent CIO Africa

As African enterprises realize the value of data as a tool to generate business value and adapt their digital transformation, what are the best practices in data integrity, data privacy, data security and data governance?

To start with, it’s important to focus on understanding and managing what you currently have. This requires knowledge of how data moves within the organization, how users interact with it, what regulations apply, what are the risks and how to minimize them? Galix, Commvault and Silver Moon IT executives respond.


Ryan Boyes, Governance, Risk and Compliance Officer, Galix

Ryan Boyes, Governance, Risk and Compliance Officer, Galix

Before the advent of the Internet, companies typically operated in smaller areas and in a very isolated manner. Nowadays, ease of access to information has become crucial to the success of operations, and the ability to use data has become a factor that distinguishes itself from the competition.

However, the global, borderless nature of business also creates risks; there are many applications, systems, and endpoints, all of which present potential security vulnerabilities. The ability to work anywhere, anytime increases productivity, but it also increases security complexity. Finding the right balance between securing data and enabling access is extremely important.

Expanding into new areas can help companies grow in unprecedented ways, and technologies like the cloud have become part of this. The challenge is that data is becoming more and more distributed, and the more places that are stored, the greater the opportunity for cybercriminals and other bad actors to infiltrate networks and steal this critical business asset.

The lines between home and office have also blurred with the rise of hybrid and work-from-home workers, making it even more difficult to manage and maintain security. For the most part, companies are ill-equipped to deal with the added complexity and risk.

Technology has become such a part of our daily lives that it can be difficult to separate personal and work uses on any device, which again increases the complexity of security. Processes and protocols must be implemented, governance and compliance must be prioritized, systems must be maintained, everything must be documented and accountability is essential.

As companies transform and grow, they must strike the right balance between security and access. Too many restrictions will limit people’s ability to innovate, but too few restrictions can lead to data breaches and compliance issues.


Modeen Malik, Principal Systems Engineer, Commvault

Modeen Malik, Principal Systems Engineer, Commvault

Modern data protection platforms are designed to provide layered protection across the cloud, on-premises, and software-as-a-service and SaaS workloads, as most organizations have hybrid IT ecosystems. Effective data protection is built on three pillars – security, protection and recovery – and provides customers with true cloud cyber resilience in an ever-changing digital landscape.

This cyber resilience can be further enhanced through the use of artificial intelligence, artificial intelligence and machine learning, and machine learning capabilities that enable organizations to take proactive steps based on early warning of attacks. Early warning systems enable you to detect threats before they impact your organization’s data. This is done using intelligent decoys and threat sensors that mimic real workloads, resources, and backup environments to keep attackers away from valuable data by redirecting it to compromise fake assets.

Other key aspects of early warning include accurate alerts triggered when attacks or anomalies are detected in the environment, and threat insights that can provide detailed analysis of unusual data activities, behaviors and events. These elements must integrate seamlessly with an organization’s security stacks and can be automated using artificial intelligence to detect risk and malicious activity.

These powerful enterprise-grade data protection systems not only provide vulnerability against cyberattacks and early detection of cyber fraud ransomware. Additionally, they support business continuity and disaster recovery, BCDR plans, which allow organizations to respond faster to disruptions and minimize the effects of cyberattacks.

While data is the jewel in a company’s crown, it is also a prime target for cyberattacks. However, as threats evolve and IT resources shrink due to budget constraints, companies are increasingly challenged to protect critical business data. To effectively protect data from new and emerging threats, data protection needs to be rethought, and companies must adopt solutions that go beyond traditional backup and recovery.

That’s why it’s imperative that IT and security professionals protect their backup infrastructure from malicious attacks by ensuring data protection spans data centers, the cloud, and beyond.

Given the rapid pace at which cyber threats are evolving, this has become a focal point in most organizations’ IT landscape, highlighting the need to adopt future-proof, next-generation data protection technologies with security capabilities that include features such as cyber resiliency and data protection.

Unfortunately, data protection is still often mistakenly lumped into the category of nightly backups by many, but this is a misguided approach that puts data protection in the drawer. While routine backups will always be required – this is just one component.


Modeen Malik, Principal Systems Engineer, Commvault

Raeford Liebenberg, Manager, Silver Moon IT

Many organizations spend significant amounts of money on software designed to increase productivity and help employees become more efficient in their daily work. However, without proper software training, these benefits can often be lost. This can have a negative impact on business productivity as well as the effectiveness of the IT department as its attention is diverted from critical tasks due to the constant need for support and guidance on software-related issues.

Ensuring that all employees are trained on the software they need to use is crucial to optimizing operations, enabling IT departments to focus more, and empowering employees to learn and develop their capabilities.

Many software tools have the enormous power to change the way businesses run and operate because they can simplify tasks, facilitate collaboration, automate processes, and more. However, if people are not empowered to use the tools optimally, they may not be able to perform their tasks effectively and opportunities for innovation may be lost, ultimately leading to potential financial losses. Trying to develop tools on your own can also be frustrating for employees, creating friction that can reduce job satisfaction.

Lack of knowledge and/or confidence in the ability to use tools can result in over-reliance on IT to resolve even the smallest queries and problems. By entrusting these tasks to IT, they hinder their own development and limit their ability to fully use the software’s potential.

Additionally, a lack of software knowledge can be a burden on an already overburdened IT department, as it is constantly required to provide support and guidance on software-related issues, taking it away from focusing on more critical IT tasks such as security and maintenance system. This can result in reduced efficiency and delayed resolution of key IT issues.

Promoting and prioritizing training can pose challenges because organizations may be reluctant to devote resources and time to training initiatives, viewing them as optional or unimportant. Additionally, employees may perceive software training as time-consuming or unnecessary, failing to recognize the long-term benefits and increased productivity that come from a deeper understanding of the tools they use.

The reality, however, is that training is more than just a tick-box exercise; it is an investment in the skills of the workforce and the overall effectiveness and competitiveness of the organization. Organizations must provide resources that help employees learn more about the software they use.


Saul Wamalwa, Regional Manager for West, East and Central Africa, Commvault

As data is considered to be the new oil, good data management is crucial for enterprises as it enables greater organizational agility, better and faster decision making, and faster problem solving based on accurate and timely information. Today, very few companies do not use some elements of data in their daily operations, and organizations now have enormous potential to collect, store and analyze data to learn more about consumer behavior, market trends and other important aspects that impact their business.

Effective data management practices translate into information that can be easily accessed, analyzed, and derived actionable insights that can help make business decisions. This may include spotting patterns, forecasting future expansions, and highlighting potential areas for organizational improvement.

Additionally, proper data management can increase visibility of a company’s data assets, making it easier to quickly find the right data for a specific analysis. Data visibility not only allows a business to be more organized and productive, but it also enables employees to find the information they need to do their jobs better.

Unfortunately, many organizations in both the public and private sectors still lack visibility and understanding of where some of their key data resides. This means that sensitive information can easily end up on unauthorized devices or email accounts outside the organization without the organization even being aware of it. This naturally increases the risk of a data breach, which may have various negative consequences.

Perhaps the biggest risk associated with data breaches is reputational damage, which can lead to the loss of existing customers and the inability to attract new ones, which will have an adverse impact on a company’s financial performance. Additionally, the loss of sensitive customer data may also result in fines and penalties imposed by regulators, depending on the specific industry sector.

Data security and privacy are important data management functions that should remain relevant to businesses as more regulations emerge regarding data and how it is processed and stored.

However, in addition to ensuring that effective data management practices are in place, organizations should also regularly review and update these measures to ensure that their sensitive information is always managed and stored securely. Updating and reviewing data management practices is essential in a threat landscape that is constantly changing as hackers continue to find creative ways to compromise IT environments.

Click below to share this article