The Data Management domain can be defined as the people, processes, and technology by which information is acquired, used, and managed in a way that extracts maximum value while managing the associated risk. The data held within organisations has significant value to that organisation, but also to malicious third parties. Protecting that data as it relates to corporate mandate, regulatory controls, or even end-user expectations has become a focus of all organisations. Given a number of paradigm shifts in the IT landscape, such as cloud adaption, zero-trust architecture and BYOD, the mission is becoming much more difficult. All the while, attackers continue to get better and more sophisticated.
Data Governance is where every policy, procedure, and control that impacts data will start and end. A strong data governance program that incorporates specific policies, monitoring and controls are just part of the way to implement effective data protection and privacy.
The data lifecycle includes areas of data discovery, data classification, and data loss prevention in regards to document and content management.
How can we keep data and information private from those who do not have explicit permission to consume it, whether that data is in-motion or at-rest? Encryption solutions like tokenisation, as well as secure private keys and certificate management help keep data secure.
The enterprise database is where the majority of an organisation’s data is held. This data feeds ecommerce systems, customer and user data systems, patient and governance citizenship systems, and myriad other critical systems. Through encryption, access control and database monitoring, and secure handling you can keep the database secure.
Part of securing your data is ensuring the availability of that data. With a holistic approach appropriate for all organisations large or small, solutions around Business Continuity, Disaster Recovery, and Backup & Restore helps achieve data availability 24x7x365.
The rise of insider threats poses very real threats for organisations. Insiders can act with malicious intent, insiders can also act without malicious intent and mistakenly cause harm, or an account or persona of an insider can be compromised, appearing to be a legitimate user. These threats can be addressed through training, measuring and monitoring, investigating and mitigating.