Data management has traditionally not been high on the priority list for South African organisations, often seen as an afterthought and a grudge purchase. As the threat of ransomware has grown, this attitude is beginning to change. Data protection, combined with business continuity and disaster recovery, are the only way to secure this critical business asset from total data loss and the organisation from reputational damage, compliance breaches and more. In today’s digital world, where data is literally the currency of business, you cannot afford to leave anything to chance.
Data management goes hand in hand with security
The digital landscape has changed dramatically over the years, with new threats emerging that businesses must be cognisant of, and new value being realised from data itself. In the case of any data loss event, whether because of a malicious attack or an accident, backed up data remains the only form of defence. As the volume of data generation has grown to exponential sizes, this has become increasingly challenging. There are no signs that the data explosion will slow, so data management will only become more critical.
A data management plan is also a crucial element of success to prevent and remediate security issues. Having a set of policies, procedure and plans in place is a large part of the data management problem. These plans should include implementation of security features such as two-factor authentication, as well as encryption of backed up data. It is also important to determine the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) when planning data management. This often requires specialist skills, so the right partner can prove invaluable when it comes to protecting data assets.
No such thing as ‘set and forget’
Data management is not a once-off exercise, but an ongoing process, and bi-annual audits should be conducted to make sure data is fully recoverable. The audits should include a full Disaster Recovery exercise as if the data were live and the business were trying to recover from a significant data loss event. Organisations should also conduct quarterly restore testing of their most critical servers and data, to make certain that should the worst happen, they are able to recover quickly and fully and get back to business as usual.
Compliance is another discussion that needs to be intrinsic to data management, because data protection and data privacy have become a growing concern globally and the body of legislation governing this is growing. In South Africa, everyone has heard of the Protection of Personal Information Act (PoPIA), but understanding how this applies to organisations trying to protect their data can be challenging. This is where having the right partner or service provider can once again be valuable to ensure data management and data protection efforts are aligned with legal requirements.
Nothing to chance
Data is the lifeblood of the modern organisation, and it needs to be effectively managed and protected. If data management is not made a priority, organisations put themselves at unnecessary risk of data loss events, including accidental deletion and ransomware attacks, not to mention the potential for compliance breaches.
It has become imperative to include data management and data protection in organisational policy to embed it into the foundations of the business but having policies in place is not sufficient on its own. Processes need to be thoroughly tested on an ongoing basis, including a full disaster simulation, and changes and adaptations made continuously to ensure data is effectively protected. Businesses cannot afford to leave anything to chance when it comes to data, so a specialised service provider partner can prove invaluable in navigating the complex landscape of data protection and data management.
By Mohammed Sayed, Service Delivery Manager at Data Management Professionals South Africa (DMPSA)