Managing the New Normal for Organizational Data Privacy in a Post COVID-19 Era

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
4 0 9,168

In the past few weeks, I have seen IT priorities quickly shift. As we all emerge from this global Covid-19 pandemic, I would like to highlight some approaches that can help organizations as they adapt to these new challenges in a way that can drive business forward versus disrupt or derail them.

Managing the New Normal for Organizational Data Privacy in a Post COVID-19 Era.pngClearly, the environment we all live and work in has changed. Organizations are quickly learning to adapt to a “new normal.” To adapt, we are having to reflect and refocus our business priorities. For IT, rethinking and re-ordering priorities is underway in many organizations, especially around data access, content analysis, data security, policy controls, infrastructure and artificial intelligence. At Micro Focus were in the same situation. Like many of our customers, we are asking questions such as:

  • Is remote work and remote data access workers something we can embrace long-term to control costs, improve productivity and improve workplace safety? If so, how do I ensure that employees have secure data access that drives the business and improves productivity as our business evolves?
  • The use of productivity tools like Teams, Zoom, GoToMeeting etc. fill a portion of the remote work necessities – but how do I leverage more public cloud technologies to improve collaboration, and secure access to applications? And in making this shift, how do I ensure my data is secure and protected?
  • How do I prioritize data? I can’t migrate everything. I need to have some form of content analysis to determine what should be migrated to the cloud first, what can remain on premises and what can be deleted. In doing so, how do I optimize my infrastructure and investments to align with my changing workforce and priorities?
  • How do we leverage technology to protect my data while at the same time improve productivity, ensure compliance and protect our corporate reputation?

The big question is where to start? Most organizations we’ve worked with at Micro Focus have a clear understanding that data growth is an issue, but since much of it is a factor of organic growth (end users keeping copies locally on desktops, storing data across shared drives, SharePoint sites and collaboration platforms), the scope is always a bit of a wildcard.

We see a lot of projects get underway by focusing on these 3 key areas:

  1. Prioritizing data sources, and then interrogating those sources to determine the “value” of data.
  2. Data mapping and content analysis combine with discovery techniques can allow organizations to quickly identify and prioritize what data “sources” are most important and move to the front of the line – and what data contained in those sources should be migrated. This is an ideal tactic to quickly optimize and minimize data – driving cost efficiencies and ensuring a current data inventory of high-value and sensitive assets is available to the business.
  3. Remediation of data access and permissions within a data migration help to mitigate risk more effectively than a big, bulky data dump. Data growth not only leads to cost implications, but poor permission and security practices introduces the unintended risk of data leak or loss to your organizations. Organizations with a heighten awareness on access and permissions can remediate without delay and mitigate risk, ensuring that data is secured and the risk of unauthorized access is diminished.

The new normal we emerge into will require projects with even more focus on safeguarding and protecting the business. It won’t be a matter of if, but when regulators ramp up data privacy compliance audits. These projects are an ideal opportunity to use content analysis for risk assessments. Not all content analysis is created equal, however. There are key factors when embarking on these activities called out by my colleague, David Humphrey, in a Tech Beacon article titled, “How to meet privacy requirements with your PII.” In short, David highlights the importance of confidence in your content analysis as being paramount. Using optimized, contextually aware grammars that leverage phrases, characters and keywords, as well as proximity, reduces false positives, improves accuracy – and the quality of your data inventory.

The next critical step of risk assessment is to take action and protect your data. Data security actions like encryption and anonymization help mitigate risk of unauthorized access or a breach. This is important, not only across your structured data applications, but in your unstructured data sets as well. Personal information (PI) and personally identifiable information (PII) resides everywhere. Organizations that take steps to protect personal data of their customers, employees and partners will ensure that their corporate reputation, brand and shareholder value is preserved.

In addition to protecting your high-value and sensitive assets, data privacy regulations also call for deeper understand of how data is used. Projects that create a data inventory of content, metadata and permissions are not enough. High-value and sensitive data types need to be tagged with business use and purpose along with data lifecycle policies that govern who is allowed access, how long data is preserved, as well as, when it’s scheduled to be deleted. This is not only critical to ensure compliance, but also to prepare the business for the time when regulators, consumers and data subjects approach the business to inquire how personal information is being managed and for what purpose it is being used.

A key business outcome around these types of engagements is the improved insight organizations have across their most valuable data. Insight to drive cost efficiencies and data minimization/ optimization efforts, insight to deploy data security practices minimizing risk associated managing high-value and sensitive data, insight to ensure compliance and governance is maintained throughout the data lifecycle long-term while reducing the risk of fines or sanctions – and it’s insight into data that enables organizations to confidently protect their reputation, improve their ability to respond to consumers, data subjects and regulators while complying with evolving global regulations.

With this I will leave you with five key takeaways to gain insight into your data:

  1. Understand your data map topography and prioritize what data sources need your attention and which can be moved to tiered storage or deleted.
  2. Minimize your data to reduce risk and drive cost efficiencies around data migration and building data inventories.
  3. Identify risky data access rights and mitigate that risk by remediating permissions and securing sensitive data by encrypting it.
  4. Ensure compliance by applying business purpose and data governance policies.
  5. Leverage the insight of content analysis, data discovery and applying the appropriate data lifecycle controls improve your time to respond.

If you would like to learn more around these techniques please join me in my Micro Focus Virtual Universe session May 20th titled: “GDPR, CCPA, and Data Privacy: Disruptor or Business Driver?”

Here’s a brief description:
Any organization without a plan to prioritize the protection and management of sensitive and personal data place their reputation, brand and high-value data at great risk. It must also meet challenges such as mergers and acquisitions, digital transformation to the cloud, and the growing, global, requirement to safeguard personally identifiable information. These compelling events create opportunities to safeguard data throughout its lifecycle, mitigate risk, drive cost efficiencies and derive greater value from enterprise data. Join us for this informative session where we will discuss how we help our customers around the globe to simultaneously address their data governance issues while enabling greater speed, agility, and insight.

Don’t forget to register for Micro Focus Virtual Universe first, then pick my session. I look forward to seeing you on May 20.

 

Contact with me on LinkedIn or follow me on Twitter: @ByGregClark

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.