High-profile security failures
have made privacy protection a top-of-mind issue for many organisations. In
several cases, hackers have gained access to online networks and systems,
stealing personal customer data such as names, addresses and passwords. The
financial costs of these breaches are often significant, ranging from tens of
thousands to millions. The damage to a company’s brand and its reputation often
costs far more. When we think of cyber risk we tend to think of security
breaches, but when we look at it through a privacy lens, the range of risks
broadens significantly.
As IT organizations move toward virtualization, cloud
computing and IT-as-a-service, data protection will undergo a fundamental
shift. The underpinnings of this transformation include a change from
one-size-fits-all backup to a data protection offering that matches service
levels with application requirements. IT organizations would be wise to bring
in outside help to navigate through this transition.
There are several issues
that an outside consultant can help manage, including:
ROI: The business
justification of data protection as a service. Data protection is still viewed
as insurance, and a quality risk assessment and business impact analysis from an
outsider can have a meaningful impact with upper management.
Training and
Education: Organizations have an opportunity to re-skill staff and gain
increased leverage by developing data protection approaches that free up
existing personnel. As discussed, however, new approaches will require new
mindsets and existing staff will have to be educated and in some cases
re-deployed on other tasks.
Architecture:
Data protection is not trivial. Virtualization complicates the process and
creates IO storms. Architecting data protection solutions and a
services-oriented approach that is efficient and streamlined can be more
effectively accomplished with outside help. Don’t be afraid to ask.
Customers want choices and ease of access, which requires
them to provide personal information and preferences; businesses want to be
able to gather, data mine and share this information efficiently. Certain
industries, such as financial services and health care, often draw the most
attention in the privacy discussion because of the personal information they
possess. However, all industries are affected by privacy and data protection
requirements. Confirm the organisation does not have misplaced or invented
reliance on third-party providers that have access to the organisation's own
information or that of its customers. Design and implement robust monitoring
and testing of privacy and data protection risks and related controls. Most
companies have developed and implemented privacy and data protection programs,
yet many of these programs fall short for a variety of reasons, including a lack
of understanding of the risk landscape related to information collection and
transmittal, inadequate organisational policies, insufficient training and
unverified third-party providers, among many others.
The bottom line is that data protection is changing from a
one-size-fits-all exercise that is viewed as expensive insurance to more of a
service-oriented solution that can deliver tangible value to the business by
clearly reducing risk at a price that is aligned with business objectives.
Understanding data protection in a holistic fashion, spanning backup, recovery,
disaster recovery, archiving and security, and as part of IT-as-a-service, is
not only good practice; it can be good for your bottom line.