South African enterprises are taking data protection and governance seriously and are actively moving to implement governance best practice, says PAUL WILLIAMS, Country Manager – Southern Africa at Fortinet.
South African enterprises, particularly those in the financial services and health sectors, are already on track to meet the requirements of the POPI Act.
What does “data governance” mean?
Data governance covers the management and protection of data across the entire ecosystem – from data collection, to its movement through networks, to storage and the eventual destruction of data. Poor management at any stage – for example in emails between colleagues within the organisation – could result in leaks. Local CIOs, CISOs, risk managers and legal specialists are well aware of these risks and are taking measures to secure their valuable data at every stage of the data lifecycle.
Data flowing ‘North-South’ (in and out of the enterprise) is not the only area that requires focus. East-West data flow must also be protected and controlled. For example, when data moves between servers within an organisation, it could be at risk if malware has been introduced somewhere within the network. Employees collaborating on shared documents or emailing copies of information to each other could also put data at risk without effective protection and governance rules in place.
What are the primary elements of a data governance strategy?
Effective data governance begins with a full audit of how data moves through the organisation, the categorisation of data by levels of security required and the setting of clear rules about access rights within the organisation. This will vary in different business verticals and with the type of data sets in their business. This is known as DLP – Data Loss Prevention.
To be truly effective, the data entering and leaving the organisation must be carefully monitored and authentication and permissions must be managed. The organisation must govern who is accessing the data, using what device to do so and which content they are accessing. It comes down to the micro-management and inspection of the data.
The data governance strategy must encompass all data. This includes basic operational and administrative data that could reveal the corporate strategy; and the keystrokes, screens and voice call records gathered by the company contact centre.
Shortfalls still exist around identity and device management, defining the profiles and rights of users, and management of contact centre data. But enterprises are starting to look more closely at these risk areas and we expect POPI to spell out measures to be taken under endpoint protection regulations.
Why is or will data governance be important to POPI compliance once the legislation is in effect in 2018?
Data governance should not wait until 2018. Personal information and important enterprise IP data is constantly at risk and companies stand to incur serious losses and reputational damage, should their data be compromised or stolen. Once POPI comes into effect, they face the additional risk of prosecution and hefty fines which will also spell out market reputation.
Any company that has not yet done so must start taking the bull by the horns and adapt to the POPI model, which is a “framework”. In this framework, each business vertical can adapt their data and corporate governance accordingly. They need to start understanding the Act and take a closer look at their existing data governance, data flow and how effectively they are managing, storing and securing the data.
Samsung unfolds the future
At the #Unpacked launch, Samsung delivered the world’s first foldable phone from a major brand. ARTHUR GOLDSTUCK tried it out.
Everything that could be known about the new Samsung Galaxy S10 range, launched on Wednesday in San Francisco, seems to have been known before the event.
Most predictions were spot-on, including those in Gadget (see our preview here), thanks to a series of leaks so large, they competed with the hole an iceberg made in the Titanic.
The big surprise was that there was a big surprise. While it was widely expected that Samsung would announce a foldable phone, few predicted what would emerge from that announcement. About the only thing that was guessed right was the name: Galaxy Fold.
The real surprise was the versatility of the foldable phone, and the fact that units were available at the launch. During the Johannesburg event, at which the San Francisco launch was streamed live, small groups of media took turns to enter a private Fold viewing area where photos were banned, personal phones had to be handed in, and the Fold could be tried out under close supervision.
The first impression is of a compact smartphone with a relatively small screen on the front – it measures 4.6 inches – and a second layer of phone at the back. With a click of a button, the phone folds out to reveal a 7.3-inch inside screen – the equivalent of a mini tablet.
The fold itself is based on a sophisticated hinge design that probably took more engineering than the foldable display. The result is a large screen with no visible seam.
The device introduces the concept of “app continuity”, which means an app can be opened on the front and, in mid-use, if the handset is folded open, continue on the inside from where the user left off on the front. The difference is that the app will then have far more space for viewing or other activity.
Password managers don’t protect you from hackers
Using a password manager to protect yourself online? Research reveals serious weaknesses…
Top password manager products have fundamental flaws that expose the data they are designed to protect, rendering them no more secure than saving passwords in a text file, according to a new study by researchers at Independent Security Evaluators (ISE).
“100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” says ISE CEO Stephen Bono. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”
In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass. ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals and 93,000 businesses worldwide rely on password managers.
Password managers are marketed as a solution to eliminate the security risks of storing passwords or secrets for applications and browsers in plain text documents. Having previously examined these and other password managers, ISE researchers expected an improved level of security standards preventing malicious credential extraction. Instead ISE found just the opposite.