When cloud, data, privacy and governance intersect

According to Forbes, 90% of the world’s data was created in the last two years alone, with each one of us being said to create1.7 megabytes of data every second.

With this data explosion and the internet of things revolution showing no signs of slowing down, organisations are finding themselves armed with more structured − and unstructured – data, than ever before.

It is estimated that through to 2025, global data creation is projected to grow to more than 180 zettabytes.

In 2020 – at the front end of the pandemic − the amount of data created and replicated reached a new high. The growth was higher than previously expected. Obviously, this was caused by the increased demand due to COVID-19, as more people worked and learned from home and used home entertainment options more often.

This situation has brought a significant new challenge for enterprises’ IT. Managing this data is an insurmountable task for internal teams, leading companies to rapidly adopt cloud services. Leveraging cloud allows them to benefit from infinite scale, improvements in responsiveness and agility, better consumption-based pricing, and a wider range of capabilities.

Infrastructure-as-a-service is especially useful for business services and applications such as high-performance computing and big data analytics. However, migrating sensitive and regulated data into the cloud has the potential to increase the risk and number of data breaches.

This can be attributed to a lack of awareness of cloud security policies, cloud security controls that are difficult to understand for security teams and misconfiguration − the number one cause of data breaches in the cloud.

Acceleration to the cloud

Enterprises simply don’t have the processing power to cleanse, store and manage the huge amount of data they now hold. Nor do they have the resources to offer services such as data lakes, processing and analytics that are provided on demand in the cloud.

This has led to a rapid increase in cloud adoption. Leveraging cloud services means greater business agility at a reduced cost, improved analytics and collaboration within the workforce, which in turn drives productivity.

Enterprises need to develop a strategy for cloud data security early in their cloud migration journey.

However, legacy security controls that are embedded within existing IT infrastructure are proving increasingly ineffective as data has become more pervasive, mobile and cross-functional.

With most businesses now using multiple cloud providers, protecting sensitive data across hybrid IT is increasingly challenging.

The increase in scope and scale of data breaches, coupled with the complex landscape of privacy regulations, has meant that more effective solutions are required to protect data on-premises, in cloud infrastructure and applications, and in analytics platforms.

Cloud service providers are not responsible or liable for the security of the data that customers ingest into their services. Enterprises need to develop a strategy for cloud data security early in their cloud migration journey.

It is essential to implement data-centric security, preferably prior to the sensitive data being migrated to the cloud.

Not all data is housed in the cloud

However, it is important to note that many organisations choose to adopt a hybrid model of cloud and legacy systems. The latter can be modernised in order to avoid performance deficiencies and enable digital transformation.

The pressure of security frameworks is also increasing, with the introduction of data privacy regulations − such as POPIA, GDPR, etc − adding further complexity to an already confusing and vast regulatory landscape.

The great news is that when used appropriately, customers’ data can provide valuable insights and give the company the ability to rapidly and consistently tailor and innovate product and service offerings.

With businesses increasingly looking at how the data they have can be monetised, there is potential to create new revenue streams through a variety of analytical activities, new data-driven products and services, internal cost optimisation, sales funnel optimisation and various other processes.

Whether a company produces data, aggregates it, or simply consumes it, it can realise the value of data monetisation.

For customers and enterprises to get the most value out of their data, organisations must design an end-to-end framework that delivers insight and control, data protection and usability, across the entire data lifecycle, from discovery to disposal.

This framework needs to be flexible enough to preserve brand value and boost customer trust, all while ensuring the data is leveraged to help grow the business. This translates into the requirement that data will be protected wherever it resides and however it is used.

Regulatory pressures

Regulatory frameworks are one of the most important considerations when dealing with customers’ data. However, this must be done in the context of the ever-tightening and confusing regulatory landscape.

For example, in the US alone, 10% of businesses are actively working to comply with 50 or more privacy laws.

However, 75% of organisations believe GDPR has a beneficial impact on consumer trust, and 97% recognise they were realising benefits, such as competitive advantage and investor appeal, from their privacy investments.

With so many regulations to consider, enterprises are challenged with understanding which frameworks apply to them and implementing the correct data protection policies to achieve compliance.

In my next article, I will unveil three key use cases that enterprises must address.

Link to original article...