IT Brief Australia logo
Technology news for Australia's largest enterprises
Partner content
Story image

In the sprint towards digital transformation, don’t neglect your data

By Contributor
Wed 18 Nov 2020
FYI, this story is more than a year old

Article by Ground Labs cofounder and chief evangelist, Stephen Cavey.

COVID-19 tested business’ ability to pivot, and quickly, to remote work. Regardless of size, location or sector, organisations were left with only one choice to achieve business continuity -- sprinting towards digital transformation, regardless if they were ready to do so. 

In fact, according to a study by Boston Consulting Group, 75% of executives agreed that digital transformation became more urgent in light of the global pandemic, with 65% saying they anticipate increasing their investments in digital transformation as a result.

But the sudden pivot to long-lasting virtual operations brings with it a unique challenge for IT business leaders: understanding where all of an organisation’s data resides, especially considering the amount of dispersed employee workstations today. 

While many leaders trust their employees to not intentionally disclose sensitive information, there are unintentional actions that can have severe consequences. For example, where are sales professionals storing prospect proposals, contracts and other information needed during onboarding? Where are legal contractors saving signed contracts and highly classified documents?

The answer is muddled, as employees will store these sensitive materials across a range of locations: within localised folders; synced onto cloud storage folders; uploaded onto CRM systems; archived in emails chains; captured in temporary locations by applications and shared via internal chat apps. For this reason, there’s never been a more critical time to get a better grasp on where corporate data resides - here’s how.

Establish clear device ownership

When the drastic shift to remote work occurred earlier this year, 61% of employees reported using personal devices as their primary method to access company networks while home. Given the recent uptick in BYOD, it is important to establish a clear company position on device ownership. Generally, an organisation will fall into one of three device ownership categories:

  • All devices used are owned by the company
  • All devices used are owned by the employee
  • Some devices are owned by the company, while others are owned by the employee

The ideal scenario for most IT leaders is establishing complete device ownership by the company, as it poses the least amount of security risk and allows total control over all devices, enabling remote monitoring to validate any device is safe and secure for use. However, this option is often accompanied by high costs and continuous maintenance. 

With remote work being implemented on such short notice, some organisations have been forced to allow employees to use their own devices for business -- although this is a low cost option, it comes with high security risk. As employees store corporate data on personal devices, the potential for data loss and compliance regulations are exponentially high.

Finally, there’s an IT team’s worst nightmare -- a hybrid approach of company-owned and employee-owned devices will create an IT team’s worst nightmare. Without the ability to determine ‘safe users’ from ‘rogue users’, they create splintered security policies that cause internal confusion and an overall lack of visibility. 

Start with a clear, concise device ownership plan so employees understand where it’s acceptable to house corporate data -- and as a general rule of them, try to avoid a hybrid approach where it’s often too difficult to track all data.

Set a security standard

Once device ownership has been defined, take the policy a step further by implementing a security standard. As part of these guidelines, ensure remote employees have WPA2 encrypted WiFi and encourage ‘digital distancing,’ where all non-essential personal devices are moved to a guest network, and a main, more secure network is reserved for business use.

Next, if supplying a company-owned device, ensure only employees use the device. By giving family or roommates access, it increases the chances of visiting unsecure sites. Perhaps worse, if an organisation employs corporate proxy logging, the employee needs to understand the company logs everything for security purposes - if a family member starts visiting non-productive websites, that is under the employee’s log.

Lastly, as part of the security standards for all employees, highlight that a device is an extension of the trusted company network. Do not use it to access personal storage, including portable drives, or copy personal media onto the device. Have all employees read the standards and sign off on them. Re-circulate the guidelines a minimum of once every quarter, so employees understand the importance of a secure approach to remote work.

Understand your data, regardless of its location

Once an organisation defines which devices can be used, and proper security measures when working on them, it must also conduct regular housekeeping of the data stored across the workspaces -- a process called data discovery. It’s critical to take the time to conduct a data discovery sweep across servers, databases, workstations and in the cloud. Ensure sensitive data is being housed in a responsible, compliant manner, and that employees are not being negligent with those valuable assets. Gaining a better understanding of your data is the first step to bolstering security and achieving compliance.

During this step, it’s also important to re-assess an organisation’s existing data backup strategy, which has traditionally been a challenge for most businesses. Now is the time to ask:

  • Will it continue to operate as is, or does it need to be changed to factor in the remote nature of work?
  • If an employee loses valuable data or does not have a working device, how can they get back up and running in minimal time?
  • Does the company have a default save to server / save to company cloud policy to limit data being saved on local devices? And does the company policy support this?
  • Are remote devices regularly backed up? If not, or not possible to implement, what mitigating controls can be implemented to circumvent this risk?

Data is the key to business success, but it’s important to understand it and have a plan for any interruption. Right now, fast decisions are being made and these choices can have a lifelong impact on an organisation. Do not let security risk posture fall off the list of priorities -- use the remote workforce as a means to make it stronger than ever before.

About the Author

Stephen Cavey is cofounder and chief evangelist at Ground Labs, where he leads a global team empowering its customers to discover, identify and secure sensitive data across their organizations. He leads its worldwide product development, sales & marketing, and business operations and was instrumental in extending Ground Labs’ presence with enterprise customers. Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events on topics related to data security, risk mitigation and cybersecurity trends and futures.

Related stories
Top stories
Story image
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
Data backup plans inadequate, data still at risk - study
The Apricorn 2022 Global IT Security Survey revealed that while the majority organisations have data backup plans in place, data for many are at risk.
Story image
Qualys updates Cloud Platform solution with rapid remediation
The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.
Story image
Digital Transformation
Pluralsight and Ingram Micro Cloud team up on cloud initiative
Pluralsight has teamed with Ingram Micro Cloud to build upon cloud competence and maturity internally, and externally support partners’ capabilities.
Story image
Managed service providers: effective scoping to avoid costly vendor pitfalls
Managed security services are outsourced services focusing on the security and resilience of business networks.
Story image
Public Cloud
Cloud adoption still a work in progress, NetApp finds
NetApp has announced the results of the annual Cloud Infrastructure Report based on a survey of public cloud business and IT decision makers.
Story image
Airwallex launches new bank feed integration with NetSuite
Airwallex has launched a new bank feed integration with NetSuite, developed in partnership with NetSuite solution partner, Onlineone.
Story image
Cradlepoint expands its Cellular Intelligence capabilities
Cradlepoint has announced additional Cellular Intelligence capabilities with its NetCloud service.
Story image
Apple previews new features for users with disabilities
Apple says new software features that offer users with disabilities new tools for navigation, health and communication, are set to come out later this year.
Story image
Digital Transformation
Trading up: It's time to swap core systems for flexible digital applications
This year will see more oranisations planning and commencing high tech renovations that will shake up the way they operate.
Story image
Data solutions
South Australia state satellite makes significant progress
South Australia’s first state satellite has successfully completed the Critical Design Review (CDR), moving it closer to providing tangible data solutions.
Story image
Nozomi Networks
Nozomi Networks, Siemens reveal software integration
Nozomi Networks and Siemens have extended their partnership by embedding Nozomi Networks’ software into the Siemens Scalance LPE local processing engine.
Story image
Artificial Intelligence
Clear Dynamics closes $35M funding round, invests in global growth
The funding is a major milestone and speaks to Clear Dynamics’ vision for AI-enabled ‘composable’ enterprise software, the company states.
Story image
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Story image
Digital Transformation
How to modernise legacy apps without compromising security
At a time when digital transformation has become central to business, even the most important applications come with a ‘use-by’ date.
Story image
Hard numbers: Why ambiguity in cybersecurity no longer adds up
As cybersecurity costs and risks continue to escalate, CEOs continue to struggle with what their investment in cyber protection buys. Getting rid of ambiguity becomes necessary.
Story image
Grasping the opportunity to rethink the metrics of a sustainable data centre
A data centre traditionally has two distinct operations teams: the Facility Operations team, and the IT Operations team. Collaboration between them is the key to defining, measuring, and delivering long-term efficiency and sustainability improvements.
Story image
Cloudflare launches instant serverless database for dev teams
"Today we’re announcing our first serverless database which we expect will quickly become one of the largest databases in the world."
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
New digital traffic light system to tackle construction defects
Smarter Defects Management launches its PaaS digital system and says it will revolutionise managing defects in the construction industry.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Could your Excel practices be harming your business?
While Excel has been the de-facto standard for budgeting, planning, and forecasting, is it alone, enough to support organisations in the global marketplace that’s facing rapid changes due to digital transformation?
Story image
Rubrik Security Cloud marks 'next frontier' in cybersecurity
"The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data."
Story image
Power at the edge: the role of data centers in sustainability
The Singaporean moratorium on new data center projects was recently lifted, with one of the conditions being an increased focus on power efficiency and sustainability.
Story image
Zendesk announces new conversational CRM solutions
“The last few years have made it obvious that digital is the front door, convenience is paramount and relationships are anchored in conversations."
Story image
Google and CSIRO use AI to help protect the Great Barrier Reef
Google has partnered with CSIRO in Australia to implement AI solutions that help protect the Great Barrier Reef.
Story image
Lightspeed launches all-in-one marketing platform in A/NZ
ECommerce provider, Lightspeed has launched a new all-in-one marketing solution, Lightspeed Marketing & Loyalty in Australia and New Zealand.
Story image
9/10 Aussies to stop spending if personal data compromised
"Based on the patterns we are seeing among Australian consumers, it is evident that trust in a brand is exceptionally important."
Story image
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
For every 10PB of storage run on HyperDrive vs. comparable alternatives, an estimated 6,656 tonnes of CO₂ are saved by reduced energy consumption alone over its lifespan. That’s the equivalent of taking nearly 1,500 cars off the road for a year.
Link image
Story image
Telstra, Google and Accenture launch 5G AR experience for AFL
Telstra, Google and Accenture are developing a new 5G powered augmented reality (AR) experience at Melbourne's Marvel Stadium for the footy season.
Story image
Artificial Intelligence
SAS launches human-focused responsible innovation initiative
SAS has launched a responsible innovation initiative, furthering its commitment to equity and putting people first.
Story image
Data and analytics could be key to higher selling prices in APAC
Sisense's latest report has found that almost half of data professionals in APAC think customised data and analytics can create better selling prices for their products.
Story image
Supply chain
Jetstack promotes better security with supply chain toolkit
The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.
Story image
Artificial Intelligence
AI-based email security platform Abnormal Security valued at $4B
"A new breed of cybersecurity solutions that leverage AI is required to change the game and stop the rising threat of sophisticated and targeted email attacks."
Story image
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
HINDSITE wins Aerospace Xelerated Pitch Challenge with solution to support Boeing
Brisbane-based startup HINDSITE was the winner of the first ever Pitch Challenge organised by Aerospace Xelerated in partnership with Queensland XR Hub. 
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
Infoblox's State of Security Report spotlights Australian remote work hazards
Attackers exploit weak WiFi, remote endpoints, and the cloud, costing 50% of organisations over $1.3 million in breach damages.
Story image
A third of companies paying ransom don’t recover data - report
Veeam's report finds 76% of businesses who are victims of cyberattacks paid the ransom to recover data, but a third were still unable to get their information back.
Story image
Decision Inc. Australia enters partnership with Alteryx
Independent data and analytics consultancy Decision Inc. Australia has partnered with automated analytics company Alteryx, expanding its offering to clients.
Story image
Workato unveils enhancements to enterprise automation platform
"The extra layer of protection with EKM, zero-logging, and hourly key rotation gives customers a lot more visibility and control over more sensitive data."
Story image
Digital Transformation
The impact of COVID-19 on healthcare environments and care delivery
The COVID-19 pandemic has revolutionised the healthcare industry while overcoming staff shortages, social distancing requirements, and lockdowns.