JJ MILNERThere is no better defence of corporate data than common sense
Companies should encrypt data to retain control of their data exposure, ensuring that corporate information is not compromised or lost, says managed service provider Global Micro Solutions MD JJ Milner.
The Protection of Personal Information (PoPI) Bill will require all companies to access and delete personal data, which will result in increased data control, especially data stored in other jurisdictions, he says.
Companies often use free overseas mailboxes with basic or universal service level agreements, but this leaves companies with few, and costly, choices to gain compensation should data be lost or leaked. However, the data may still be lost, with the commensurate loss of business advantage or increased business risk, Milner says.
“Even a free solution is not truly free. There are data connectivity costs and there is also a latency delay to international servers, while companies are not guaranteed that they will be able to effectively prosecute the offending service provider should data losses or leaks occur.”
Companies should look at South African service providers because the companies will be able to use local laws to hold the service providers to greater account within South African jurisdiction. Companies can also determine the levels of service they require.
“However, there is no better defence of corporate data than common sense. The primary rules of reducing data exposure, data sprawl and retaining data control are necessary to mitigate potential losses of data by service providers,” he says.
There are several options that companies can explore should they host data with a service provider, including using a transparent encryption proxy, which stores encrypted data to which only the company holds the encryption keys.
Companies must create a sphere of control of their data that incorporates the most critical data and, thereby, retain control of the potential exposure of their businesses’ data. This can partly be achieved through encryption techniques and sound data manage- ment principles, says Milner.
ThePoPI Bill and related data privacy laws are laying the groundwork for correct behaviour with regard to data management in South Africa, but it is not a cure-all for unfit data management practices and also does not mitigate criminal risks of data exposure.
Using multifactor authentication, for example, to secure transparent decryption of sensitive documents or documents that may be distributed to several devices, can help reduce unintended data breaches and can help companies to maintain control over their business data and risks, concludes Milner.