printer friendly version

KYD: Know Your Data

It’s no secret that the amount of data in the world is constantly growing and it is becoming increasingly difficult to manage it all. In the security industry there are various solutions offered by vendors that allow one to quickly sift through data and (hopefully) find what you’re looking for.

While the data collected by functions such as access control, intrusion and perimeter solutions are not that large, as more security functions are being integrated with video surveillance, either through video verification or collecting data streams from a number of cameras, the data involved is becoming more problematic.

Solving the problem is not a matter of simply adding more storage. With legislation such as PoPIA and the EU’s GDPR, among other regulations and best governance and compliance practices, organisations need to know what information they have, why they collected it, and they need to adhere to regulations about how long they can or must keep it before deleting it.

This makes things more complicated. And while large enterprises are the ones with the biggest challenge, the same laws apply to smaller companies. If you have five cameras and some form of visitor management at the gate, there are rules about what information you can collect and store, as well as how you store it. The PoPIA legislation, for example, will allow individuals to ask you for all the personal information about them you have stored. If you can’t tell them or try to chase them away, there could be legal implications.

Fortunately, PoPIA seems to be taking a very long time to get all the components in place so there is still time to prepare. GDPR is already in place and although this is a piece of EU legislation, some local companies have already found themselves in trouble because of poor data management.

Data governance is not simply a matter of having a big data store that you index. This is, of course an option, but it will turn out to be an expensive and perhaps unwieldy. In addition, all companies have data with personal or sensitive information stored on paper, from printouts to faxes and perhaps even handwritten notes. And then there’s the issue of continually collecting new data, which nobody seems to be able to avoid.

Ideally, organisations would be able to store data they use on a daily basis on fast storage systems that make it available to the relevant people almost immediately, while older data and information that is only accessed occasionally can be stored elsewhere on slower media or in the cloud.

Hayden Sadler

This type of solution is what Infinidat supplies in its ‘Elastic Data Fabric’ vision. Hayden Sadler, country manager for Infinidat SA explains that this is a software-defined storage solution, which includes onsite, cloud and hybrid storage as best fits the client.

Classification and sorting

Part of the solution is helping companies know what data it has and classifying it into various categories, with some information being needed immediately for the running of the business, while other data would only be needed infrequently, or may be stored for legal purposes – and it will need to be deleted after a time.

Infinidat uses machine learning to sift through these various categories to ensure the information required is always at hand. Of course, encryption is also standard from Infinidat solutions as it should be to ensure the security of the information one possesses.

The data is then stored on various platforms: flash storage for immediate access and other storage (like hard drives or cloud systems) for information that is not required immediately. Not only does this make data available as required without delay, but it also reduces the costs of storage as flash dives are more expensive (but much faster).

The same applies to surveillance data. Sadler says the company’s software is able to make sure video is saved on scalable storage systems that offer performance and the right capacity for the customer’s requirements.

A backup should also restore

Gerhard Fourie

Commvault is another company that has been in the storage and backup business for years and it has developed solutions aimed at the data governance requirements of enterprise companies. The goal, according to Gerhard Fourie, district channel manager at Commvault, is to allow companies to safely store their data across a variety of media, including cloud if required, but to also know what data they have in an auditable log.

Fourie adds that we don’t have to get too complicated when starting a data management and governance journey. A good starting point is to ensure you always have your data backed up securely. More importantly is to ensure you can restore it accurately, quickly and cost effectively should something go wrong.

He says the key to starting a compliance project is to begin by knowing what you have, whether onsite or in the cloud, and classifying it. This allows you to know what you have and where it is before moving to separating it onto primary and secondary (and other) systems. It’s worth noting that this includes ‘free flowing’ data, such as the information on laptops and mobile devices – which are often the most valuable to businesses as it includes current sales and projects etc.

For these devices, governance will include understanding what the data is and how important it is, and then implementing solutions such as encryption or the ability to locate lost or stolen devices and/or wipe them. Using more intelligence, companies can also make rules that say if a laptop has not connected to the network in a certain time frame it should be wiped.

Data governance and compliance is not an easy task, nor is it cheap. That’s why it has to be driven by regulation as companies will tend to avoid a project of this size and scope if they can. However, having a handle on your data in all formats will also provide more information and benefits to the business that will allow for more intelligent care of customers, including better insights when it comes to upselling. The trick is to make a start at understanding all the information you have stored away somewhere.

This article has been shortened. The full version is available at https://www.securitysa.com/papers/619hss46.pdf

Share this article:

Further reading: