As data growth continues at exponential rates and the value and sensitivity of data increases, laws around data are becoming increasingly onerous – particularly in highly regulated industries like financial services and healthcare as well as government.
By Lourens Sanders, senior sales engineer: SEEMEA at Commvault
Meeting compliance requirements is not simply a matter of legality, however. Protecting confidential data about customers and patients is critical for their safety and wellbeing, particularly in a world where ransomware is rife, and the consequences of a breach can be catastrophic.
Organisations need to ensure they have a proactive stance around data governance, and a comprehensive platform and solution that ensures both effective data protection and governance, while supporting regulatory compliance requirements.
Navigating the data
The rapid and increasing growth of data has unlocked significant potential for business insight, but many organisations struggle to leverage this, because data is segregated and siloed and there is a lack of visibility into the data. Without a comprehensive view of data, it is impossible to understand what data there is, where it is located, and even what the data is, which in turn creates several challenges.
The result is that organisations have no idea whether the data is useful for business, whether it needs to be retained, moved, or discarded, whether it contains sensitive or personal information, and whether it adds value or risk.
In addition, it becomes almost impossible to know who has access to the data, whether the right people have ownership and access, whether this is up to date and correct, and how to handle it. Managing all of the above can seem like an overwhelming task, which is why intelligent solutions have become critical.
A three-pronged approach
To handle data in today’s world, businesses need to secure it, defend against threats and be able to recover in case of an incident. This is the foundation of effective data governance, but it needs to be done via a single, consolidated platform to ensure businesses can prevent data exfiltration, optimise storage costs, identify over-exposed data, and in turn provide actionable tasks against these areas.
Insight into data is a key requirement, and organisations need a solution that provides visibility to ensure risk is reduced and mitigated.
Once you have visibility and insight into data, only then is it possible to fully classify and tag data according to its business use cases, and the contents according to its sensitivity, related to industry regulations. Businesses can then act by moving, isolating, protecting or archiving data, and subsequently ensure the ownership of data is accurate and up to date.
In addition, deep compliance search functionality can be enabled, to extract information for requests such as legal hold, investigation, and in terms of tracking and auditing if data has been moved, deleted, or modified. This facilitates monitoring and granular reporting, essential for proving compliance should this be required.
The right tools for the job
Data volumes are so large, and data itself is so critical, that it has become impossible to manage without appropriate tools for compliance and threat mitigation. Having a comprehensive toolset in place allows organisations to gain insight into data and how it should be addressed from a compliance point of view.
This includes automatically identifying and classifying data, isolating it, tagging it according to sensitivity, protecting it, archiving it or redacting sensitive content from live or copied data.