Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Compliance is a chance to become more data-driven

By Spencer Young, RVP, Imperva 

‘Data is the new oil’ is old hat. Data is so plentiful these days that it’s more like the new air. Our society runs on digital information in ways that would have been utterly imaginable just decades ago. Data runs through everything we do, and the amount in circulation is only going to increase.

To put the sheer amount of data that’s whizzing around in perspective, we currently generate about ten zettabytes of information globally every year. That’s ten trillion gigabytes, which equates to about two trillion DVDs or 62.5 billion iPod classics. If you stacked those iPods on top of each other, the tower would be 812,500 kilometres high – more than double the distance to the moon. That’s a lot of data.

Give it six years, though, and we’ll be producing eighteen times that amount – 180 zettabytes for every trip round the sun. Now you’ve got 1.2 trillion iPods. The stack is 14.6 million kilometres high. At that rate, it’d only take three and a half years to fill enough iPods to build a bridge to Mars – and Mars is a really long way away.

Using data effectively

The relatively sudden availability of all this information begs the question: what on Earth (or Mars, for that matter) are we doing with it all? For businesses, the rise in available data should be a strategic benefit – the more you know, the more intelligent your decision-making should be. That’s the theory, but is it the reality?

We pay a lot of money for data collection, hosting and maintenance, so how do we go about creating a data driven organisation that reaps the rewards of data analysis and insights? By going through the process of discovering where your most valuable data is stored, you can actually use compliance mandates as an opportunity to put data at the centre of your business.

Compliance programs, such as preparing for GDPR, provide the right level of impetus for your organisation to investigate and locate sensitive data so that you can efficiently protect these assets. By getting a better handle on where your sensitive data sets reside, and the best practice processes for overall security, you’re creating a data governance program that provides greater control over your data assets.

Practical steps

In any data governance and compliance prep program, the first step will involve an assessment of your current data environment. This should include a few different steps, starting with a discovery process and comprehensive inventory of all of your known and unknown data repositories. You’ll then need to look at how data flows within your organisation, including all of your touch points and sub-processors, before mapping out your current security and compliance technology to see where any gaps might be hiding.

For most organisations, this level of data discovery and inventory of sensitive data isn’t a process they can realistically perform manually. Many will have a combination of large and disparate database environments, so the first technology investment to look into should be in data discovery and classification.

The other important point is that data is increasingly dynamic by nature. That’s why your discovery and classification process should be occurring on a regular basis, as the nature of your data will continue to change.

But going through this process then provides you with actionable results for ongoing audits and compliance reporting. If you can leverage automation within these processes, you can also transition from basic discovery and classification to policy application, activity monitoring and user rights management – the next step in developing a robust, layered security posture. 

Business benefits

When implemented effectively, layered security allows businesses to significantly reduce the amount of private data they manage, improving overall business efficiency.Layered security also drastically reduces the risk of a data breach, while facilitating a rapid incident response and reporting process to ensure compliance with the breach notification requirements.

To ensure they get real value out of their compliance projects, companies need to ensure that their data privacy solutions meet key components of these regulations out of the box and provide the most effective automated data protection available. The best security systems help companies to understand where databases are located and what type of information they hold by automatically scanning enterprise networks – making the process of regulatory compliance smoother and giving companies a deeper understanding of what’s going on inside their systems.

With so much data now in play, businesses must prioritise the creation and maintenance of a detailed, real-time inventory of data scattered across their organisations and enable automated, scheduled scans and holistic identification of sensitive data. Once these processes are in place, the company will not only benefit from a lighter compliance admin load, but also from a more joined-up, data-centric approach to running the business.

Like all digital services, cybersecurity has a key role to play in building an effective data-handling strategy for the new data age. Businesses must take action now to ensure their defence systems are supporting the overall effort to make the most of data – as securely as possible.