Data protection: How Secure is The Data of Your Organization?

Data protection is no longer an option. Today, data privacy and protection for organizations across industries has become a must-have and is one of the most critical aspects of eliminating risks to the overall business workflow. In order for organizations to accelerate their digital transformation journey, it becomes essential to adopt a modern approach towards data protection.  With regulations like GDPR in the EU not only changing the data protection landscape but also challenging the business landscape, organizations in India and globally need to treat these developments as business opportunities rather than a compliance burden. 

"Technology is witness to rapid change which proportionally increases vulnerability and risk. Security professionals need to ensure they know the technical changes and understand how to safeguard company assets. 

For instance, the BYOD (Bring Your Own Devices) concept is gaining more traction in companies, and it rests on IT and security professionals to ensure that employees can use the personal devices without much hassle while company data and assets stay secure. Also, regulations like the recently launched GDPR give a lot more weightage to an individual’s privacy. This makes the security of personal data a top priority for companies.

Additionally, selecting the right cloud provider and the underlying service (private, public or hybrid) is an important consideration when it comes to data protection. Increasingly, organizations are moving towards cloud data storage which makes it essential that we understand the cloud provider’s security practices and liability aspect, alike," said Gyanesh Ojha, Information Security Lead, ThoughtWorks India. 

Challenges Company face while deploying data privacy:

Recently, there have been several high-profile data security breaches which have impacted large corporations globally. Enterprises of all sizes can be targets of data breaches; small and mid-size businesses are in the crosshairs as well and need to protect against data security threats. “To secure data, an important step that many miss out is to create an extensive data security plan in order to understand what data could be at risk. Enterprise data must be secured through authorized and controlled access, and virtualization enables this security model as it allows one to have a secure architecture and orchestrate control throughout the infrastructure,” said Nayak, Chief Operating Officer, SAP Labs India.

Data privacy and protection has not been an easy task for organizations, given the potential risks leading to financial losses that they face today.

According to Sanjay Agrawal, Head – Presales, Hitachi Vantara, India, some of the challenges that companies face while doing so are:

• The ability to keep up with industry movements and transform their data protection strategies without disruption or delay
• Right levels of resiliency and speed for disaster recovery and built-in replication to protect business continuity needs
• The training required to keep up with industry standards and migrations of policy for production readiness
• Elimination of high costs, complexity and risk of point products with a flexible, scalable solution to protect all the data

How the company protect themselves from Ransomware Attacks or Data Breach

Data is the center of everything, and organizations and their data are constantly under threat. Nearly 40% of businesses have experienced a ransomware attack in the past year. Companies need to have a well-planned data protection strategy based on data classification and business requirements. One of the ways in doing so is by approaching IT transformation proactively. This means implementing key data protection products, right from the planning and design stage to integration and testing.  Secondly, setting up an efficient data protection management system is important for on- and off-premise disaster recovery, monitoring, and reporting on compliance with policies for data security and encryption.

Object Storage can help prevent the spread of viruses within the system, stopping attacks in their tracks before they cause any real damage. Hitachi Vantara has been using the Object Storage technology ourselves for over two years. This has removed the need for traditional data protection from backup solutions and delivers 50% optimization of our datasets thanks to global compression and de-duplication. “We also have add-ins to solutions like MS Outlook, removing the need for heavy attachments by linking employees back to the original object each time,” said Sanjay Agrawal.

As there is no surefire way to prevent vulnerability to cyber-attacks, data backup and management plays a critical role in an overall cyber security defence strategy. According to Ramesh Mamgain, Area Vice President India and SAARC Region, Commvault delivers an integrated, automated data protection approach that provides a single complete view of all stored data. This means companies can rapidly recover data wherever you need so that you can resume business even in the face of a ransomware threat. Commvault software also monitors, alerts and identifies the rate of file changes. Check files are placed in special locations to be monitored for changes. And if files are altered, alerts and notifications are launch for further investigation, before they hop and infect other systems throughout the infrastructure.

Organizations must commit themselves to invest in solutions and setting up a security framework involving people to ensure that data privacy is embedded properly in all business processes, are capable of malware detection on time and identifying when employees are sharing data with external vendors through an unsecured network.

According to Gartner, cybersecurity spends by organizations are expected to exceed $124 billion by 2019. This indicates that organizations are becoming increasingly cautious and aware of the vulnerabilities that surround them, especially the blended attacks or multi-vector attacks. They typically use DDoS to distract the network administrators or use malware attacks when employees are working on the internet. This calls for setting up a blended security network that integrates encryption, network firewalls, DDoS solutions, web application firewalls, intrusion detection and prevention systems and anti-virus solutions.  

“Security is everyone’s responsibility. Everyone in the organization should understand security and take equal responsibility when it comes to ensuring the organization’s and their personal data is not compromised,” said Gyanesh Ojha.

“Becoming compliant, embracing AI and understanding security challenges will allow organizations to significantly reduce their risks of reputational damage. The opportunities that arise from improved data hygiene, security and management enable businesses to offer customers better experiences and ultimately, boost customer loyalty, revenues and brand reputation,” added Subramanya C, Chief Technology Officer, Hinduja Global Solutions.

What laws should be implemented by the government to protect data?

We all know that the law usually lags behind technology because the pace of change is so massive. Elected officials are still trying to figure out cable television in a world where the cable is already fading away. “The solution to data protection isn’t solely to pass more laws: it’s for people to take security more seriously for everything from voting machines to bank machines to hospital records. Hackers will always look for the weak points of any security protocol,” said George Brostoff is CEO of SensibleVision.

Currently, India does not have an omnibus data privacy legislation akin to the EU’s GDPR. However, India is moving closer to its first data privacy law with the Srikrishna panel recommending what is termed as the “fourth way to privacy, autonomy and empowerment”. “The proposed bill definitely is a step forward in terms of ensuring every effort is made to protect data at any cost and prevent the misuse of personal data. Laws need to be set in terms of setting ‘data principles’ that will give a base to a framework for setting up mandatory security safeguards and data policies that protect both individuals and organizations from the dangers of malicious data breaches and information leaks,” said Sanjay Agrawal.

Pandurang Kamat - Chief Technologist & Associate CTO, Persistent Systems concludes by saying that the comprehensive data privacy regulation the government of India is working on, is a great step in the right direction. It is important to put a regulatory and punitive framework in place to govern the way data is collected, stored, used and protected by companies.