In my earlier article, ‘Is Data Protection significant?’ we clearly established that data protection is important, even more so than data security, at least in dollar terms. Now the question arises as to who should sit up and take notice and how should they go about the business of incorporating data protection in their organisational diet?
We partly answered the former with my last article but here is where the critical mass question arises. Say, I’m a small NBFC or a microfinance company and my turnover isn’t in the hundreds of crores; or let’s say that I am a large human resource intensive firm with way too many people (sometimes externals like agents or franchisees), and thus how can I, in either case, afford the solutions (which, to be honest, are not inexpensive).
In real terms, each of your employees cost you approx. Rs 54,000 in damages due to data mismanagement, and so it follows that can I mitigate this loss with a lower-than-real cost. Yes, you can. Realistically the RoI on the Comprehensive Data Protection Investment is between 1.5-2.5 years. I don’t know of any business that gives you that kind of return, do you? So why aren’t most CXOs sitting up and taking notice? Either its short-sightedness, lack of compliance requirement, lack of knowledge, too many things already on the plate, sheer laziness, or a combination of all of the above; I really don’t know. But in any case, it translates to negligent inefficiency.
You have the opportunity as a CXO to change that and that too with real data to back your argument to the powers that control the finances for such acquisitions. Functions of data security do not have such data to back them up, not to say that they aren’t required, they most certainly are, but there is no real data in terms of monetary sum to back them.
The cost is per head in most solutions so even small and medium enterprises cannot afford to miss the wave that is hitting the big guns right now. I hope that gives you food for thought because if it does it means you are a thought leader. Thought leaders drive organisations.
Let’s come to the second and more complicated part of the question, incorporating the solutions into your organisational diet, how do you go about it? Easier said than done, so let’s look at it piecemeal.
Prevent embezzlements and data theft
In large and complex organisations, it becomes critical to take the decision making out of the hands of the users and make the same an
organisation-wide policy-driven decision which can be enforced through role / user-based access control policies.
Now how do we do that? In short, you have enterprise security in place for external threats, you must simply complete the ‘Data Protection Puzzle’ as follows.
The data protection puzzle is crucial in the implementation of UEBA, or User Entity Behaviour Analytics. It tracks the behavioral patterns of your employees. Well-implemented puzzles have prevented embezzlements, data theft, insider cyber-attack and even alerted management to attrition; all ahead of time.
Finally, you will gauge that you have increased security, improved compliance, decreased costs, and improved productivity…not to mention reduced monetary loss arising from security breaches.
The work has already been done for you, now it becomes a matter of ‘organisational will’. Will you / your organisations take lead?
Utkarsh Morarka is co-founder and business development head of IndusOne Business Solutions.
First Published: IST