This page contains a Flash digital edition of a book.
RISKY BUSINESS with Frank Duffy


To preserve competitiveness and compliance, companies must leverage lifecycle controls to curb data growth


anadian businesses are struggling with the explosive growth of data. Un- certainty in how to address this growth may lead some organizations to capture and store all data indefinitely. This ap- proach is based on the false assumption that the cost of storing the data is less than the loss that may be incurred should the data not be available when it is needed. The key to managing data growth ef- fectively is understanding the data life- cycle. Data growth controls are required at each stage of the life cycle to identify and mitigate threats and vulnerabilities. Data protection decisions made at each stage affect subsequent stages. For ex- ample, the decision to store all data is a consequence of not considering the data life cycle beyond collection of the data. The consequence of poor data life cycle controls is increased indirect costs to mitigate risk. Indirect costs are often poorly understood. Here are some risk factors that drive indirect costs: • Current technology infrastructure may not scale effectively. Simply adding server capacity may degrade system performance, while past storage strate- gies may not meet new or emerging business requirements.


C


• Non-compliance due to increasingly complex regulation. Whether it is in re- gards to the environment, product safety, privacy or financial reporting, Canadian businesses are facing increasingly com- plex data retention requirements. Non-


12 SECURITY MATTERS • JULY/AUGUST 2010


GROWING PAINS IN THE INFORMATION ECONOMY


compliance due to poor data access or retention practices is frequently resulting in the added costs of project delays, un- planned upgrades and fines levied by empowered regulators.


• Lower quality of service for employees and customers. Poor search capabilities across expanding data stores reduce the effectiveness and timeliness of de- cision making processes. If employees cannot find or access data they need to carry out their duties, staff performance and compliance with policy may suffer.


• Confusion of ownership rights giving rise to litigation risk. The integration of data assets and transfer of ownership, particularly during mergers or acquisi- tions, is becoming a more prominent point of concern. When acquiring data assets, questions are frequently raised around conflicting rights to data, the completeness of data asset transfers, and the assuming of obligations to pre- serve sensitive corporate data or to safe- guard personally identifiable information. Though data growth has long been a concern, recent changes in technology and economic conditions are putting businesses under pressure to demonstrate action. Adopting the following proactive principles should assist in mitigating data growth risks: • Identify the value of data. It is impor- tant to understand the need to capture and store data beyond its initial use.


• Limit the collection of data. Only data that is essential to satisfy a specific business requirement should be col- lected. Collection of unnecessary data may be prohibited by law or corporate policy, such as the collection of unnec- essary personal information. Excessive collection of data may also lead to costly duplication of data.


• Use and share data responsibly. Mul- tiple copies of data are indicative of in- effective search and access solutions, as copies would not be necessary if users could easily find what data they needed in a format that facilitated use.


• Retain only data of value. Data should be retained only for as long as is nec- essary to meet operational and regula- tory requirements.


• Establish effective governance. Data- related policies, practices and proce- dures should be reviewed and updated to consider the impact of new or emerging technologies or reg- ulations on the data life cycle. Com- pliance should be measurable and assessed frequently, with clearly de- fined consequences for observed non-compliance.


A risk-based analysis of the data life cycle is essential to effectively manage data growth issues. Risk-intelligent organ- izations are seeking competitive advan- tage by determining vital data assets and reducing the total cost of data ownership. By focusing on data of value, these com- panies are positioned for dominance of the information economy.


Frank Duffy is a manager in the informa- tion risk practice at Deloitte Canada (www.deloitte.ca)


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32
Produced with Yudu - www.yudu.com