Muzi Langa, MD of ManTK IT Solutions. (Image: Supplied)
Approaching data protection as a universal, one-size-fits-all exercise can prove overly costly, or worse, fail to adequately protect the organisation’s most critical data.
The key to properly securing sensitive and critical data is proper data classification, says Muzi Langa, MD of ManTK IT Solutions, a specialist IT security and services provider.
Langa says: “In our experience, many organisations have not properly classified their data before considering the appropriate measures to secure it. In many cases, data is not even considered as an asset or listed in the asset register. These oversights can impact compliance and significantly increase their risk.
“We view data as a critical asset, which belongs in the organisation’s asset register in the same way as buildings, equipment and vehicles do. There should be protocols and insurance in place to protect all of these assets,” he says.
He notes that in many organisations, data is a higher value asset than physical assets: “Organisations need to classify their database on the impact and business risk associated with losing that data. They need to consider: ‘What would be the impact for the institution if we lose the customer data that we use for billing purposes? Are we protecting it in transit and at rest? Are we encrypting it, can we account for who has access to it, and do we have proper visibility of it all?’”
Data should be classified by what it is and how critical it is for the organisation, he says. The classifications might include restricted data, personal identifiable information (PII), financial information, customer databases, intellectual property or archived data.
“Data classification and best practice data management is an important first step in securing the organisation properly. Once the organisation has classified its data into data types, it has an understanding of what the impact would be if each data type was breached, and therefore what security measures they need to bring for each type of data,” he says.
Langa likens this approach to security to the multi-layered approach a homeowner might take to secure their home and assets.
“In our homes, we generally have various security controls in place – precious jewellery might be kept in a vault in a locked room, while the home itself has alarms and security gates, and the garden has beams and a fence. We prioritise based on the value and importance of the assets we’re protecting, and invest the most in securing the most critical assets. The same should apply to data assets,” he says.
He emphasises that data classification should be a continuous process. “Organisations need to continuously monitor and classify data because the environment is constantly changing and they are processing new data every day.”
ManTK IT Solutions helps clients improve their data management and classify data assets, to ensure they implement the right levels of protection for the most critical assets. The company also bolsters proper data management with solutions for monitoring and managing data, identity and access management and cyber security.
