Tag: data protection

By Chris de Bruyn, operations director at Gabsten Technologies

With remote working having become the norm for most companies in the wake of the COVID-19 pandemic, the need to constantly back up critical data is not only more crucial than ever, but also requires that organisations understand the difference between remote and onsite backups.

Traditionally, backups were done on-premise and companies simply relied on the “3-2-1” backup strategy, which requires organisations to have three copies of their data (production data and two backup copies) on two different media, with one copy offsite for Disaster Recovery (DR).

However, now that workforces are spread over a massive geographical area, organisations have had to adjust their backup strategies accordingly. Over the past few months, companies have been purchasing endpoint licences, so that endpoint devices are protected.

At the same time, many organisations are also moving their critical data and systems to the public cloud, but this has to be done in a financially sensible manner, as public cloud computing through international vendors, isn’t always as affordable in South Africa as it is in other parts of the world.

Remote working has forced organisations to be a lot more agile and flexible and to consider things that weren’t always part of their thought process at the start of 2020. Previously, most companies didn’t even think about protecting laptops, desktops or endpoints. Instead, everything was kept on-premise, where shared drives were easily accessible and protected.

New dimension of risk

Now, organisations need to protect all these distributed endpoints, as remote working is adding new dimensions to the risks that they face. This means that companies have to put in place complete backup strategies to ensure that everything is protected, irrespective of where the devices and data are located.

When adopting a strategy, the key backup parameters that companies need to consider are organisational-based and aligned to what the organisation needs at the time. This is where agility is important, as a company’s data management solution must be able to adapt to what it needs at any given point.

If an organisation’s data management strategy does not provide for this, then it must be relooked at against the company’s needs and against what is affordable. The truth is that some enterprises simply cannot afford to throw money at the problem. In that case, organisations should rather team up with a data management partner that has the expertise to guide them through these problems and can also assist with a Business Continuity (BC) plan, which must include a DR strategy.

It is also very important to differentiate between remote and onsite backups. Onsite backup is a legacy strategy where hardware infrastructure that is run on-premise is replicated to a remote DR site or a secondary location. Depending on how thoroughly the strategy is applied, an organisation will either replicate their critical data or all of their data.

Not always feasible

Remote backups focus a lot more on protecting the endpoint or end user. This may not be the most feasible strategy as an organisation could be burdened with having to protect thousands of laptops while bandwidth remains costly. A better solution would be to train staff to ensure that nothing is saved to the endpoint, but rather to shared drives or approved cloud services.

While many organisations are likely to continue working from home, it is unlikely that there will be huge potential to save on office space. South Africa is intermittently plagued by load shedding and companies have, over the past five or six years, spent massive amounts on making sure that their business can function when the lights go out.

So, it is unlikely that these enterprises will throw that investment away and let people work entirely from home. Obviously, load shedding also affects workers in remote locations, so these companies would have to incur massive expenditure to provide their employees with uninterrupted power supplies to keep them working during power outages.

Of course, having a distributed or rotational workforce does increase the risk of data loss, but these risks can be mitigated with the help of a data management partner. Organisations need to have a sound data management strategy, which should be used intelligently to ensure that all critical data is always protected.

They may not have the cachet of entrepreneurs, or geek chic of developers, but data protection officers are suddenly the hottest properties in technology.

When Jen Brown got her first certification for information privacy in 2006, few companies were looking for people qualified to manage the legal and ethical issues related to handling customer data.

But now it’s 2018, companies across the globe are scrambling to comply with a European law that represents the biggest shake-up of personal data privacy rules since the birth of the internet – and Brown’s inbox is being besieged by recruiters.

“I got into security before anyone cared about it, and I had a hard time finding a job,” said the 46-year-old, who is the data protection officer (DPO) of analytics start-up Sumo Logic in Redwood City near San Francisco.

“Suddenly, people are sitting up and taking notice.”

Brown is among a hitherto rare breed of workers who are becoming sought-after commodities in the global tech industry ahead of the European Union’s General Data Protection Regulation (GDPR), which goes into effect in May.

The law is intended to give European citizens more control over their online information and applies to all firms that do business with Europeans. It requires that all companies whose core activities include substantial monitoring or processing of personal data hire a DPO. And finding DPOs is not easy.

More than 28,000 will be needed in Europe and U.S. and as many as 75,000 around the globe as a result of GDPR, the International Association of Privacy Professionals (IAPP) estimates. The organization said it did not previously track DPO figures because, prior to GDPR, Germany and the Philippines were the only countries it was aware of with mandatory DPO laws.

DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months, from 12.7 listings per every 1 million in April 2016 to 102.7 listings per 1 million in December.

The need for DPOs is expected to be particularly high in any data-rich industries, such as tech, digital marketing, finance, healthcare and retail. Uber, Twitter (TWTR.N), Airbnb, Cloudflare and Experian (EXPN.L) are advertising for a DPO, online job advertisements show. Microsoft (MSFT.O), Facebook (FB.O), Salesforce.com and Slack are also currently working to fill the position, the companies told Reuters.

“I would say that I get between eight and 10 calls a week about a role (from recruiters),” said Marc French, DPO of Massachusetts email management company Mimecast. “Come Jan. 1 the phone calls increased exponentially because everybody realized, ‘Oh my god, GDPR is only five months away.’”

GDPR requires that DPOs assist their companies on data audits for compliance with privacy laws, train employees on data privacy and serve as the point of contact for European regulators. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.

On a typical day, French said he monitors for any guidance updates for GDPR, meets with Mimecast’s engineering teams to discuss privacy in new product features, reviews the marketing team’s data usage requests, works on privacy policy revisions and conducts one or two calls with clients to discuss the company’s position on GDPR and privacy.

“Given that we’re trying to march to the deadline, I would say that 65 percent of my time is focused on GDPR right now,” said French, who is also a senior vice president of Mimecast.

The demand for DPOs has sparked renewed interest in data privacy training, said Sam Pfeifle, content director of the IAPP, which introduced a GDPR Ready program last year for aspiring DPOs.

“We already sold out all of our GDPR training through the first six months of 2018,” said Pfeifle, adding that the IAPP saw a surge in new memberships in 2017, from 24,000 to 36,000.

Those companies who have DPOs, meanwhile, are braced for poaching.

Many of those firms reside in Germany, which has long required that most companies that process data designate DPOs. They include Simplaex, a Berlin ad-targeting startup.

“Everyone is looking for a DPO,” said Simplaex CEO Jeffry van Ede. “I need to have some cash ready for when someone tries to take mine so I can keep him.”

Reporting by Salvador Rodriguez; Additional reporting by Stephen Nellis; Editing by Jonathan Weber and Pravin Char for Reuters

Follow us on social media: 


View our magazine archives: 


My Office News Ⓒ 2017 - Designed by A Collective