We have witnessed an explosion in data. Driven by the growth in connected devices, it’s predicted that more than 79 zettabytes of data will be generated in 2025.
This has changed the landscape of almost every enterprise, affecting IT teams on virtually every level. They are being forced to find new ways to store, manage, protect and efficiently utilise this information. The consequences for failing to do so can range from missing opportunities to, in the case of breaches, reputational damage, financial loss and regulatory punishment.
Added to this is the pandemic-driven demand for remote working, adding a new layer of complexity to the challenges of securing critical data.
Is this proving too much for enterprise security functions? It certainly seems to be the case that in the early stages of crisis, employers were prioritising continuity of service over data protection. The rapid introduction of collaboration tools and employees’ own devices may have kept the wheels turning as staff worked from home, but in the rush to make this a reality, organisations were perhaps inadvertently taking dramatic risks with employee and customer information.
Given the proliferation of poor data privacy and management strategies and the wide-spread use of consumer-led remote workings apps, it can only be a matter of time before we begin to see data breaches and hacks directly linked to pandemic-driven working changes.
In order to avoid this, organisations must adopt operating practices that places privacy at the heart of their data management strategies.
But how?
Delivering balance: Productivity and Security
It is about balance. There is a pressing need for all organisations to ensure that productivity and connectivity remain consistent, yet this has to be done in a secure manner.
Consider, for instance, the need to have documentation, including playbooks and running sheets, centrally located and easily accessible for all team members remotely. Cloud computing offers a route to this, but simply moving an on-premises workload to the cloud will prove to be a perilous and potentially reputation-damaging move.
The accepted view is that data storage and management in the cloud is a cheap and easy solution for the enterprise. However, that does not isn’t necessarily make it the right choice for most organisations, and even less so for government entities.
Just as applications cannot simply lift and shift in the cloud, so it is also true that legacy policies and procedures should not simply be applied to the deployment of cloud environments. More agile technologies require similar approaches to security.
Every organisation has information they need to protect, whether that’s products in development, customer or user data, contracts, financial reports and other sensitive material vital to day-to-day operations. However, most enterprises do not operate a strict classification system through which they can define access policies. If they were to categorise data based on sensitivity, they could determine, for example, that a sales manager needs data relating to their accounts, but not necessarily company financials, employee contracts or even information relating to other accounts.
Once that categorisation has been undertaken, it is time to think about how a decentralised workforce will access, store and share information. Does each byte of data need to be encrypted, or will a secure connection be enough? How should that affect the environment in which it is stored? What about the use of mobile and laptops? Again, relevant customer accounts could be available through most endpoints, but financials could require a specific type of device, coupled with multi factor authentication and other security protocols.
By taking this graded approach and matching access policies with user and device identification, enterprises can balance the need to secure data in all environments, whether cloud or on-premises, with the requirement to access it remotely.
A new approach to data management for a new approach to working
As enterprises adapt to more decentralised ways of working, and that data protection challenges that brings, adopting an appropriate strategy now may be the most critical IT decision they make all year.
This much is clear – while the global pandemic is upending ‘business as usual,’ enabling the secure collaboration and communication for employees has never been a more business-critical issue.
That means having a more streamlined, agile approach to data management and compliance. One that defines storage and access through categorisation of data. By doing this, enterprises can deploy the environments their data needs in order to achieve the balance between complete security and agile working.