By Alex Hollis, VP of GRC Services at SureCloud
Worldwide data has become the most valuable commodity and is generated and consumed at unprecedented rates. Before moving any data outside of their organisation, organisations must first consider the issues surrounding data access, security governance and compliance. This involves evaluating the entire lifecycle of data through the organisation from intake and ingestion, cataloguing, persistence, retention, storage, sharing, archiving, backup, recovery, disposition, removal and deletion.
The cloud has become the most popular option for off-premise data storage. In fact, 77% of enterprises have at least one application or a portion of data stored in the cloud, and 60% of organisations use cloud technology to store confidential data. The popularity of the cloud can be explained by the fact that it allows for economies of scale and access to gigantic storage, vast processing, advanced analytics and AI for any company building new applications and services.
Because data is the most valuable commodity, there is also a danger of organisations operating risky data storage practices or shortcutting their obligations to consumers, putting those consumers at risk while focussing on profit. It is here that regulators must step in and legislate to ensure that companies cannot operate in such a way that they are liable for that risk. The EU GDPR, introduced in May 2018, set out to do this by making companies accountable internationally for protecting the data of EU citizens and introducing heavy fines for non-compliance. The California Consumer Privacy Act (CCPA) has followed suit, bringing into law additional protections for the consumer. There are many commentaries about whether these legislative changes have been successful; however, it is undeniable that there is increasing regulatory pressure on data governance.
Organisations, both buyers and sellers, are finding that they are now in the position of asking themselves who is responsible for data governance and what they need to do to ensure their adherence. There are arguments for whether this task belongs to compliance, legal, IT, or even finance teams; however, the oversight isn’t as important as the implementation. The identification of data owners (custodians) who understand the nature of the data and the processes that surround it is key. Companies should look to nominate the person with the best skills and position to oversee data governance and ensure that this is supported and pushed down onto those in the business closer to the problem.
The smartest approach to this is through the following steps:
Alex has two decades of experience in information technology, spanning medical informatics and mobile workforce automation, with ten years focused on governance, risk and compliance (GRC). His GRC domain experience spans IT and Operational Risk, Corporate Compliance, Third-Party Risk Management, and Business Continuity. Alex has received several awards for work around risk bow-tie modeling, Solvency 2, and Basel 3, and is regularly invited to speak at industry events. Alex has worked with over 150 GRC technology projects in some of the world’s largest companies and most complex environments. His industry experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance.
SureCloud provides cloud-based, Governance Risk and Compliance products, and Cybersecurity & Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud utilizes a highly configurable technology platform, which is simple, intuitive, and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.