With consumers required to divulge personal details to access many apps, ensuring the safety of data has become a collective responsibility. NEIL COSSER, Identity and Data Protection Manager for Africa at Gemalto, believes encryption is key to safeguarding data.
As technology continues to shift and shape how we connect with each other and brands, personal data has become a highly valuable and lucrative commodity. With consumers required to divulge personal details to access most of the plethora of apps available, ensuring the safety of data has become a collective responsibility: shared between service providers, app developers and the individual themselves. What does this mean for mobile providers, banks, government and brands, especially as South Africa starts grappling with the Protection of Personal Information (PoPI)? And what does it mean for consumers and corporates doing business across our shores, many of whom are still blissfully unaware of the risks involved?
Driven by relentless news of security breaches and data loss, many governments around the world are considering introducing or are in the process of introducing legislation that will help protect the personal data of their citizens. For example, the European Union has adopted the General Data Protection Regulation (GDPR) in April 2016. There are obvious signs that significant risks lie ahead if companies do nothing to change how they protect data because the new regulation will have major implications for all the ways in which data is collected, stored, accessed and secured. Locally, certain sections of the Protection of Personal Information Act (PoPIA) have already commenced (under proclamation No. R. 25, 2014).
But what does compliance mean for local businesses?
Given the proliferation of technology and what it has come to mean for companies, it is now an imperative for businesses to deploy suitable mechanisms to process personal information of employees, customers or other business stakeholders. This is done with the view to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which stakeholders – particularly within the employer and employees parameters – handle and process personal information.
According to renowned provider of legal solutions, Michalsons, GDPR’s grace period has been earmarked to end on 24 May 2018 – thus making it legally enforceable from that period onwards. Locally, we can expect PoPI’s grace period to end soon after the GDPR’s. Organisations that have to comply with both the PoPI Act and the GDPR might focus on complying with the GDPR first and then POPI second. Taking this approach could offer prudent lessons for businesses through the compliance of GDPR that can be applied to PoPI.
The writing on the wall
The release of Gemalto’s 2016 Breach Level Index (BLI) report has offered an intriguing backdrop to the issue of data management (particularly where data protection is concerned) in the local context. A key takeout from the 2016 report highlighted that that we cannot argue that we have a growing data security crisis evidenced by the almost 1.4 billion records being compromised during 2016. The sad truth is that this number is actually higher, because most breaches go unreported worldwide. This is particularly worrying given the impact that a data breach can have on an organisation’s reputation and ultimately revenue.
The Ponemon 2016 Cost of Data Breach Study indicates that the average cost of a data breach to a businesses now stands at $4 million (average cost per record $158), with reputation and the loss of customer loyalty most heavily impacting the bottom line. In fact, our research revealed that two thirds (66%) would be unlikely to do business with organizations responsible for exposing financial and sensitive information.
It’s all about action
The debate surrounding data protection vs. impact on reputation and revenue is not a new one but it seems that many executives agree that the issue is of data security is still taken for granted by those businesses with a big user base. This was the sentiment shared by the panelists who formed part of our Gemalto BLI roundtable event hosted on 28 March 2017 in Johannesburg.
Justin Williams, Executive: Group Information Security at MTN reiterated that consumer data is a prized commodity and it cannot and should not be taken for granted. “There is a concerning lack of regulation in Africa. Beyond the strict requirements of the regulations, what companies really need is to shift to a new data security mindset,” he explained. He added that now is the right time for businesses to start taking steps now to prepare for implementation of the new rules.
Williams’ advice begs the question, what should organisations do to limit their risk of breaches and ensuring that consumer data is protected against all odds. The answer to this is simple; securing a breach is the first point of call. Organisations should consider three factors when building a comprehensive data protection strategy. Firstly, we need to analyse where data being stored – is it in a database, file servers, virtual environments or the cloud? Secondly, how and where are encryption keys being secured? Finally, who’s accessing the data and more importantly, how is this access being controlled?
Once these three factors have been understood, this can then be converted into a three-step approach to data protection which includes encrypting all sensitive data, storing and managing encryption keys and lastly, controlling access.
Fail to prepare, prepare to fail
Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. But, if history has taught us anything, it is that walls are eventually breached and made obsolete.
The next and last layers of defense need to be around both the data and the individuals that access the data by surrounding them with end-to-end encryption, authentication and access controls that provide the additional measures necessary to protect customer data.
Security professionals will always need to consider the need to perform specific risk analysis in order to implement the organisational and technical measures that are needed to prevent, detect, and block data breaches. Data encryption solutions provide an essential basis for achieving reliable data unintelligibility. When encryption is combined with other measures, such as secure key management and access controls, these mechanisms provide a robust foundation for achieving compliance with applicable EU data protection laws.
The reality is that our world is quickly becoming an Internet of Things where every person, place, thing and organisation is connected to each other through the Internet. The proliferation of the cloud, digital content, mobile device usage, online banking, e-commerce, and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.
For Joe Pindar, Research & Development Director: Identity & Data Protection at Gemalto, transparency is the best paved road to ensuring consumer trust. Security should be a key consideration for all businesses going forward. Telling customers about the security measures your organisation has put in place to protect their data can go a long way in cementing customer loyalty. “If you are doing something better than the rest of the industry, like encrypting data end-to-end, then you might be seen as a trusted innovator.”
As we look towards the future of data management and in order to be ready for upcoming legislative changes, companies need to start taking steps now and change their security mindset about protecting customer data. The signs for taking action are obvious. It’s clear that being breached is not a question of “if” but “when. Companies should move away from the traditional strategy of focusing on breach prevention, and move towards a ‘secure breach’ approach. This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands. Traditional approaches to data security do not work anymore, and if companies don’t wake up to this new reality soon, the consumer revolt will come.
How panic-buying disrupts traditional supply chains
Panic buying has become commonplace during the COVID-19 crisis. PAULO DE MATOS, chief product officer at SYSPRO, outlines how good technology and ingenuity is panic-proof.
Amid the COVID-19 pandemic, the world cannot afford for manufacturing and distribution to grind to a halt. From food on our shelves, to medical necessities, these sectors are at the heart of our economy and must keep going at all costs. Although the global supply chain is usually a well-oiled machine consisting of a system of organizations, people, processes, information and resources, disruption of this well-oiled machine has become the new reality. According to a new survey released by the Institute for Supply Management (ISM), 75% of companies worldwide have reported supply chain disruptions as a result of COVID-19. Added to that is the increasingly unpredictable demand caused by panic buying and consumer stockpiling.
Reinventing the supply chain to face the challenges of today
In response to the pandemic, manufacturers and distributors have had to pivot in a new direction, to turn the supply chain challenge into a competitive advantage through ingenuity.
The US recently invoked the Defense Production Act to allow American manufacturers to suspend their normal production schedules and begin manufacturing materials such as ventilators, which are needed in this time of crisis. The Act, which was originally passed in 1950, was a war mobilization effort. It allowed the government to direct efforts of manufacturers to focus production on the much-needed necessities in times of need, from medical supplies through to necessary disinfection products.
Australia has applied a similar approach through the implementation of ‘wartime’ manufacturing. Due to a shortage of necessities like ventilators and hand sanitizers, the Australian government is offering financial packages that incentivize factories to manufacture critical supplies. For example, one of Australia’s biggest packaging companies, Pact Group, is converting production lines at three of its Sydney plants as it starts making hand sanitizer for the first time, instead of industrial cleaners.
Within Canada and South Africa, distilleries have also committed to supplying alcohol, a key ingredient in hand sanitizer.
Using technology to ensure long-term resilience
Until recently, China has consistently supplied global manufacturers with the bulk of their required components, raw materials and or processed materials. Presently, 6 in 10 (62%) of the respondents of the Institute for Supply Management (ISM) survey have reported that they have experienced increasing delays in receiving orders from China. This is of course just the tip of the iceberg, with the pandemic now impacting almost every country in the world; delays are going to begin affecting deliveries from every country, and the lateness of the delivery is expected to increase. With the increasing shortages of parts, global manufacturers are now scrambling to identify alternative suppliers and supply chains to make up for the missed deliveries.
Technology systems, such as Enterprise Resource Planning (ERP) systems, can certainly improve the situation by giving manufacturers improved visibility of the reliable local suppliers and their supply chains. Through ERP integration, representatives from different supplier companies can interact on a single platform, improving the flow and availability of information and improving the reliability of delivery. For example, the SYSPRO Supply Chain Portal was originally launched with a Request for Quote capability, which enabled the formal invitation of suppliers to tender for the supply of goods and services. Not only can manufacturers identify local suppliers who can meet their orders in a time of scarcity, but manufacturers themselves could easily find alternative suppliers.
ERP also has the added advantage of reducing document handling and other manual activities and facilitates cross functional collaboration by enabling an online process for engaging with customers and suppliers. What’s more, planned receiving and manufacturing process steps can be amended temporarily in your ERP system to include additional Quality Assurance. For example, the wiping down of surfaces and spraying of goods with appropriate chemical or detergent cleansers and adding waiting times before issue or delivery.
In times of unforeseen scarcity, as the world is currently experiencing with the COVID-19 pandemic, it is imperative that the supply chain is kept open and full. The challenge that the company faces is to identify the cheapest and easiest way to accomplish this, using their own unique combination of technology and ingenuity. If there is surplus stock in the supply chain, the surplus could easily be sold onto neighbouring organizations – after all, the function of a manufacturing organization is to fulfil whatever is identified as a shortage in the economy.
Managing disruption in the long-term
The World Economic Forum has suggested that moving forward after this pandemic, there will be a “new normal”, a need to manage disruption by developing predictive models for proactive scheduling, and dynamic planning of supply with careful consideration of the uncertainties and risks. This change will most likely usher in the next level of digital transformation, based on the collection and analysis of data from various disparate applications.
Ultimately, having the right combination of technology and dynamic ingenuity will allow manufacturers to weather the storm and navigate the unknown, bringing with it the success of discovering “the new world.”
Pandemic will change co-working – and vice versa
By CHARMAINE LAMBERT, WorkInProgress – an Absa Innovation Lab
The COVID-19 pandemic is set to realign the world’s social and economic structure, and fundamentally change the way people work and interact, personally and professionally. While the current social measures in place around the world are aimed at stemming the spread of the virus, there’s a good chance that there’ll be a residual adoption of elements of them as humanity adapts to ‘the new normal’ – because the world will fundamentally never be the same again.
Hundreds of thousands of people are set to lose their jobs as economies tank – but the optimistic view is that that’s an opportunity for the future, rather than the very real catastrophe it feels like at the moment – particularly in the SME space. It’s a rare economic situation that sees major corporations struggling as much as SME’s, and the upshot is that people may have to create employment opportunities for themselves and others, rather than returning to the jobs they had before the pandemic.
It’s clear that the world will need more entrepreneurs, whose smart ideas can help rebuild economies, create employment opportunities and re-establish – and rebuild – the livelihoods of entire communities.
Many have glibly asked ‘could that meeting have been an email?’ – but the reality is that the working world is rapidly discovering the benefits of finding new ways to address business needs, that rely less on physical face-to-face interactions. Catching up as a group on a Zoom meeting is important, but cutting out a commute, the niceties of the preamble to a meeting and repeating yourself for the guy who stumbled in five minutes late has made meetings more efficient and to-the-point.
Meetings won’t go away, because humans are collaborative. It takes one person to have a great idea, but it takes a team to realise and implement it – which is why co-working spaces will remain an important part of life for those taking up the challenge of employing themselves, and others by forming SME’s, in the new world order.
The shift in ways of working has also shown that decentralisation is possible – something that may become a necessity in the future. All those shiny offices in global centres are expensive line items on the annual budget, and since budgets are going to be way tighter – if not non-existent – in future, even SME’s may have to make peace with the fact that not everyone needs to share a space. And knowing what we know now about how easy it is to spread viruses in close-contact working spaces, there’s a convincing health argument for decentralisation, too.
If an SME team is driven enough, nobody will have to worry about clock-watching or ensuring that people are doing their jobs by having a manager stalking the halls and peering over cubicle walls. There will be essential functions that rely on being physically present in a space – but there’s no reason that different functions of a business can’t be split across different spaces, cities or even time zones to maximise efficiency and save costs. And with flexibility of working time now becoming an option across many industries, that demand will need to be catered for by SME’s and other employers, in the future.
Building more efficient spaces has been an important global trend over the past few years as companies realise the impact their business has on the planet. What about the environmental cost of getting people to that office every day, and of business travel? Cutting out the commute for the global workforce has already had a noticeable effect on the environment – fake-news dolphins in the canals of Venice, aside – so now that we’ve proven it’s possible to decentralise or work remotely, why not continue that?
Carbon monoxide emissions in New York have been slashed by 50% over the past few weeks – mostly on the back of reduced road traffic – and an analysis by climate website Carbon Brief indicates that the shut-down in China has resulted in a 25% drop in energy use and emissions over a two week period at the height of the pandemic there, which is set to lead to an overall drop of 1% in the country’s carbon emissions for 2020. As industry ramps up again around the world, emissions will rise once more, but those numbers do illustrate the significant impact a reduction in worker commuting, can have for the planet.
4IR Creating Opportunities
While there’s plenty of concern that the Fourth Industrial Revolution (4IR) is going to cost millions of jobs, it’s also set to deliver millions of opportunities and plenty of efficiencies.
Robotic Process Automation (RPA) can take over manual, repetitive tasks – but instead of making the people in those functions, redundant, it frees them up to tackle more important and non-automatable tasks which can improve business operations. The global economic crisis means that efficiency and multitasking are going to become the order of the day – something the lean SME space is used to, to an extent. Embrace technology and let the people who are the heart of your business focus on helping you re-establish it and re-invent it. It’s time to innovate.
While things are set to be very different, there’s a huge benefit to collaboration to establishing and maintaining a dynamic, agile business. Entrepreneurs and innovators thrive off being able to kick around ideas, sense-check decisions with others and find ways for seemingly-unrelated companies to work together to deliver unprecedented opportunity – and there’s nothing the world is going to need more than opportunity, once we come out the other side of this.