Intelligent CIO Africa Issue 13 | Page 36

business ‘‘ TALKING //////////////////////////////////////////////////////////////////// • Unnecessary data which consumes resources, such as high-performance storage, cloud billing back-up/DR systems and people’s time • Valuable data sources that are currently not known about or under-utilised The outcome of this process is remediation of these issues through automated policies, role-based workflows, dashboards and on- demand reports. Proactive management in this way is required to work at scale and is essential for data subject requests and in the event of a data breach. How can better data insight improve business outcomes? Insights from data can help to drive out inefficiency and improve customer experience, both of which help to drive up competitiveness and are at the heart of digital transformation. In addition to these benefits, insights from data can also uncover new business opportunities or models, either in your current market or in an adjacent one. Unfortunately, many (if not most) businesses don’t have good control of their data and typically do all of the following to some degree: • Collect more data than is needed • Retain data beyond its useful life or its stated data policy • Create data copies with little or no control The notion that all data has value needs to be tempered, as the opposite side of the same coin to value is risk. It’s important to note that value is easier to find if you are in control of your data first. Take GDPR as an example. Many businesses are viewing it negatively as ‘more red tape’ but if controlling and centralising personal data leads to richer, better managed datasets, it’s actually a win-win outcome. There is less risk for the organisation, the opportunity to make savings from improved efficiency and the potential for new business and increased revenue. How can enterprises simplify their management of data? Most companies use many different point products to manage their data for many different reasons: Organic growth, 36 INTELLIGENTCIO M&A activity, management changes, vendor lock-in and new technology choices not supported by existing systems (cloud for example), all of which drive data management related purchases. Consolidating these data management operations can drastically simplify the management of data in an enterprise and bring about many other benefits. Multiple back-up products, availability systems tied to infrastructure and separate retention and compliance products all push up management overheads. They also create separate silos which are wasteful and costly. Attempts to gain insights from data, through content search and analytics, can also drive up silo acquisition and further add to complexity. Consolidating all of these functions by using a single data platform instead of point products allows enterprises to simplify end- to-end data management and gain greater visibility and insight at the same time. It’s important that consolidation carries no infrastructure agenda or future agility could be stifled if you need to shift beyond your current vendor ecosystem; going multi-cloud for example. In addition to simplifying your entire data landscape, consolidation in this way has a data-reduction impact which can be further multiplied by profiling your data and automating policies based on content. How can enterprises reduce data privacy risks? Traditionally, enterprises continually collect data and retain it, assuming it will have some future value. New global privacy and data breach regulations (not just GDPR) mean that personal data/PII now carries a significant risk. Assessing your current state with respect to privacy with a Data Protection Impact Assessment (DPIA) is a good place to start. However, the answers provided in these reports are not definitive, as some of its output draws on subjective responses from staff. It’s also flawed as a ‘one off’ exercise. Enterprises will have many new services, planned or going live, plus changes to existing systems that include the use of personal data, all happening on a daily basis. Even before a DPIA style of report is published, it will be out of date. Technology can certainly help take the uncertainty out of assessing privacy risks and also provide an on-going dashboard instead of a one-off report but care is needed. Content based searches don’t all provide the breadth of coverage needed by a modern enterprise. In addition, search technology can help find specifics reasonably easily but they are less good at finding types of data, known as entities. With new data- collection possibilities linked to IoT, mobile and processing by machine learning and AI, it’s also very important for enterprises to employ people with the right privacy and governance skills in these areas, too. How would you advise businesses to prepare for the impending arrival of GDPR? There are many aspects to GDPR but from a data perspective you simply can’t become compliant unless you understand where personal data resides, the sensitivity of that data, who has access and how well it is secured. This is true for both structured and unstructured, wherever it resides. For unstructured data, indexing, profiling and creating up-to-date dashboards and subsequent policy automation are a huge help; for search and entity extraction too. For structured data – databases and applications – leveraging recovery systems for dev and test makes these processes auditable and, importantly with such a concentration of personal data, secure. As a side benefit, you can also reduce time-to- market in this way. GDPR is actually a great opportunity because much of what you need to do for GDPR is aligned to digital transformation. Both centre around customer data and effective control of data will produce richer information for your business. Customer trust is also a huge issue for the modern enterprise, so embracing GDPR in spirit, as well as to the letter, will go a long way to bridging the gap. Enterprises that fail to grasp the importance of understanding their data, will be more likely to be affected by data breaches and are also less likely to be successful with digital transformation programmes. Lastly, if you do invest in technology to help with GDPR, make sure it also brings other efficiencies and benefits beyond helping with compliance. n www.intelligentcio.com