Information is an organisation’s most valuable asset. To protect that asset, it’s no longer viable that security is an external layer of core information management software. Security should be imbedded in the foundation of the software’s design. It is integral to the success, profitability and well-being of your organisation.
By Monique Williams, Hyland Southern Africa regional manager
You’ve probably already invested in front line defences such as a firewall and various detection and protection systems. To your knowledge, you’re compliant with every notable industry regulation. But is that enough?
Think of the platform that contains all of your valuable data as a house. Let’s equate your firewall and compliance investments to “the lock” on the front door of your “house”. Although “the lock” on your front door serves as great preliminary protection for your “house”, does that truly guarantee that everything behind it is safe?
Not necessarily. If someone were to bypass your “locked door” and get into your house full of sensitive, proprietary information, what would happen?
Consider a couple of the major South African data breaches of 2017. In October, it was found that a real estate company had exposed the personal data of over 60 million people, including identity numbers, addresses, passwords and salaries. Overlooking an easily accessible web server caused the most severe data breach in South African history, far surpassing the seven million records leaked by a movie-house company earlier in the year.
Whether confidential or customer data is exposed, your business is at risk of competitive vulnerability and reputational damage, as well as incurring fines and penalties for compliance violations. It only takes one incident to threaten the well-being or, in some cases, the existence of an organisation.
The 2017 IBM Security Cost of Data Breach study, conducted by Ponemon Institute, found the average cost of a data breach in South Africa to be R32.36 million, a 12-percent increase from the previous year. Additionally, the study discovered that the average cost per lost or stolen record is R1 632.
The lock on a front door might not prevent someone from getting inside, but what if there are additional layers of protection to safeguard valuable possessions, like a safe or hidden storage? The same multi-layered defence concept applies to a platform that houses organisational data.
Advanced content services platforms have been developed with security imbedded into the foundation of the software, offering layers of end-to-end protection for your information. For example, OnBase by Hyland is a leading content services platform that enables granular rights with highly configurable permissions at the document and user group levels to ensure strict enforcement of the principle of least privilege (minimum access needed and nothing more). This way your information is protected from both internal and external vulnerabilities.
Other security considerations include protecting data in use. While information is in use, a modern information management solution employs configurable session timeouts and masked keyword values to prevent unauthorised users from viewing sensitive data. This makes it more difficult for someone to steal information from a logged-on device or a device they have stolen. Also, sensitive metadata values can be replaced with a masking character while it displays on a screen. For example, identity numbers can be masked for users that need to interact with that kind of file, but don’t need to know that specific piece of information.
A modern information management solution also empowers an organisation to secure and protect content from the moment it enters the system and in accordance with compliance requirements. For example, in the case of dealing with credit card or identity numbers, the data can be encrypted at rest and during transportation.
Additionally, enterprise cloud-based sharing systems provide a secure and trusted means for users to share sensitive or valuable information with confidence. Because they are specifically tailored for enterprise use, such solutions give organisations the ability to maintain ownership and control disparate data and content.
Your information protection needs will only increase with the growing amount of data that must be stored, managed and protected. Make sure the information management solution you choose provides layers of protection for your critical information now and into the future, and that your vendor continuously monitors, reviews and updates its software to defend against developing threats.