Chinese hackers. NSA snoopers. Data breaches and information leaks. All of these very real threats are causing organizations to take a hard look at how they store their data, where they store their data, who has access to their data and the levels of security to protect their data. This all spells opportunity for the solution provider channel as they try to help their customers evaluate their data storage and protection strategies.
One of the critical areas where solution providers are helping their customers is separating their data—between corporate and personal—to make leaks and security breaches more difficult. In fact, research group Gartner recently said that by 2019, 90 percent of organizations will have personal data on IT systems that they don’t own or even control.
Companies need to create a privacy program that keeps personal data at arm's length, but under control, according to Gartner. Enterprises are always security targets and hackers focus on vulnerable IT infrastructure. As protection for such infrastructure improves, malicious hackers have started to focus on softer targets, such as employees, contract workers, customers, citizens and patients, Gartner said.
"As the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target. And yet, in most scenarios the organization is still ultimately accountable for the personal data on its IT systems," said Carsten Casper, research vice president at Gartner, in a prepared statement. "The time has come to create an exit strategy for the management of personal data. Strategic planning leaders will want to move away from storing and processing personal data in the next five years," he said.
Here is where solution providers really prove their worth as many companies eliminate credit card data from their own internal systems and turn it over to an external service provider. “If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialized 'personal-data processor,'” according to Casper.
Gartner has identified the following five steps for organizations to prepare, all of which involve solution providers:
- Create Clear Delineations Between Personal and Non-Personal Data—Gartner said the first step should be to create a policy that draws a clear line between data that relates to personnel—such as contact information and health and financial information—and data that does not.
- Protecting Personal Data—Personal data protection needs to be airtight. Again, here comes the solution provider. Once personal data has been located, it needs to be protected whether it is stored on premises or in the cloud.
- Favor Purpose-Built Over General-Purpose Applications—Gartner says that any technology that processes personal data in the same way it processes non-personal data ultimately puts that data at risk. Business decisions based on data are easier if employee performance information is stored in an HR management system, customer information is stored in a CRM system and financial and business information is stored in an ERP system.
- Follow Data Privacy Standards and Protocols—Privacy standards and protocols are needed to simplify control frameworks, audits and information exchange. Solution providers can help companies set up specific privacy standards that cover cross-border transfer mechanisms.
- Logical Location Rules Over Physical and Legal Location—Although privacy expectations still favor physical boundaries, the fact is that, with cloud and mobile computing, organizations need to take a more realistic approach as to where data is ultimately housed and who has access to what. Gartner uses the example of personal data being stored in a data center of a U.S. cloud provider, which is operated by a third-party service provider from India. However, the data is encrypted, the Indian IT employees manage only routers and servers, and only European employees of the customer can actually see the data. These employees are located in Europe, and bound by a European employment contract and European privacy laws. Logically, the data is in Europe, although legally and physically, it may be somewhere else.
So as organizations continue to evolve their data protection strategies and move toward separating business data from personal data, solution providers will play a major role in the coming years.
Knock 'em alive!