Agility has long been a fundamental characteristic of the modern enterprise. Since the pandemic struck, this agility has been tested — and enterprises have had to flex and adapt in ways that they hadn’t before. Connectivity and the cloud have played a major role in enabling employees to work from anywhere, at any time and from any device, and operations are increasingly underpinned by vast quantities of data that help to inform strategic decision making.
Although these high volumes of complex data have helped make it possible for enterprises to respond and adapt quickly, in challenging environments, this could come at a cost if the data is not managed appropriately. While enterprises should implement security solutions to protect sensitive and confidential information as standard, a study showed that around 90% of data breaches in the UK can be attributed to human error, which in turn expose a business to potentially eye watering regulatory fines and reputational damage.
The pandemic saw the use of home devices and networks escalate with companies swiftly making changes to accommodate an increasingly remote workforce. This cultural shift has bought challenges to the agile enterprise.
Agile drives business growth, but culture is stifling progress
Data management in a remote environment
According to a study conducted by Armis, a security service provider, 44% of employees are now using their own laptop for work. This use of personal devices amongst the distributed workforce means that enterprises need to reevaluate their existing data management and security policies. On many occasions, the necessary guidelines to help employees understand how to properly secure their devices while accessing confidential business information outside of the workplace, or how to properly manage end of life data, is not communicated efficiently. Research from Blancco showed that over half of organisations (56%) interviewed did not effectively communicate their data sanitisation policy to the business on a regular basis. This was the case even before working from home became standard. This potential lack in training and guidance could increase the enterprise’s attack surface, leaving it more exposed to misgivings, especially since data is now being shared across both personal and corporate IT assets.
Although BYOPC is a strategy that has enabled organisations to cope during the pandemic, personal devices, if left unsecured, can prove to be a major security threat. Implementing new data management policies and practices which include these IT assets is a crucial approach for the agile enterprise.
The importance of data erasure
A critical way to reduce risk is to regularly evaluate data bearing assets. This will allow for data to be assessed, reclassified, and given appropriate sanitisation instructions, therefore minimising the risk of sensitive data getting into the wrong hands. It enables organisations to actively erase temporary data or end-of-life data which has reached the end of its retention period, narrowing down the attack surface. Moreover, timely erasure of data frees up a device to either be redeployed within the organisation or be donated and given a second life, once it has served its purpose.
Data erasure is the best option for dealing with end-of-life data. Therefore, agile enterprises that have data crossing continents or being stored on public domains, keeping track of the data’s entire journey, right from inception to redundancy, with a full audit trail and maintaining records of it so it can be securely sanitised, is imperative to protect an organisation from a data breach. In such circumstances, employing a data protection officer to assist with this process is a prudent move. The DPO will not only monitor the data’s journey, but will also be responsible for ensuring compliance. They will keep data management polices up to date, which in turn protects the organisation. Keeping up to date with ever-changing government regulation around data is also a crucial part of this role.
Secondly, to track data and assets in the most effective way possible, it’s important to instate a data retention policy to regulate exactly how long data is stored for — and how data is handled at end-of-life. These two aspects should be communicated effectively and clearly to all employees. This comprehensive policy should cover the full data sanitisation process for redundant, obsolete, or trivial (ROT) data to a regulatory compliant standard, with auditable processes throughout. Information that has been appropriately and permanently erased cannot be recreated or accessed by bad actors.
With the enterprise becoming increasingly agile, adopting data management policies that fit the new normal should be a priority. Communicating these policies clearly to staff, and ensuring they are implemented properly, is vital. This, together with regular data audits that incorporate remote erasure solutions, will ensure devices are sanitised with a complete and proper audit trail. As the agile enterprise continues to flex, a razor-sharp focus on data management best practices will ensure a strong culture of cyber hygiene.
