Published: 20th March 2023 | In: Insights
Organisations are starting to think seriously about the governance, security and life cycle of their data, the importance of compliance, and how all this ties in with their overarching business goals – and their risks. With tighter government and industry regulations, the trend of more customers wanting data privacy and heightened risks from cyber security incidents all coming to a head, now’s the perfect time for businesses to take the bull by the horns.
To help our customers overcome these challenges and maximise the value of their data, Quorum Cyber has appointed Graham Hosking to the newly-created role of Data Security Solution Director.
Trained as a technical architect and arriving with a proven track record, Graham has over 20 years of experience – including six at Microsoft – creating business strategies and delivering projects for organisations as diverse as banks and insurance companies through to central government, police forces and charities. He’s guided them to comply with regulations, manage data risk and govern the full data life cycle.
In the ever-evolving digital world, it’s long been obvious that data is one of the most valuable assets that any organisation in every industry possesses today. However, many businesses are struggling to manage their data to achieve maximum value from it while, at the same time, protecting it from the rising number of cyber security threats. Furthermore, a surprising number of organisations don’t know precisely what data they store, where it resides, how best to handle it, who is accessing it and, arguably the trickiest part, when to delete it.
Data is everywhere
Organisations store and transfer data in a multitude of databases, apps, platforms, devices and the cloud, some of which is managed by third parties. It’s regularly copied, moved, edited and retrieved. So, it’s no wonder that so many haven’t yet got to grips with identifying what structured and unstructured data they store and where it is. And some are scared of destroying any data at all in case they need it in the future.
While organisations have understandably been more focused on defending themselves against external attacks in the last few years, we believe that risks can equally manifest and multiply from the inside. That’s why Quorum Cyber offers tailor-made services to help businesses, government departments and non-profit organisations identify, label, store, access and protect all types of data, and prevent data loss and exfiltration, from source code to financial data, and from intellectual property (IP) to their customers’ personally identifiable information (PII).
People and policies first
Aligned with Quorum Cyber’s approach to cyber security, its strategy with compliance and data security is to put people, policies and workplace culture first to ensure that a solid foundation is built on which to overlay Microsoft technologies. We then work with specific departments and roles such as HR, Legal, IT and Data Protection Officers to make sure they comply with various industry and government regulations, including the Data Protection Act 2018, the General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations (PECR), plus hundreds more. It’s really important to have these business conversations first and to bring Chief Information Security Officers (CISOs) along on the journey.
Every nugget of data has a life cycle. It needs to be stored and secured, and the data owners need to manage who can read or access it. Finally – and this is the most difficult stage – redundant data needs to be deleted properly at the right time without breaking any laws. There’s a very fine line here because industry regulators can award financial penalties if certain data is erased too early or if other data is retained for too long. Few, if any, organisations have yet mastered the complete data life cycle.
Naturally, some employees need to access and work with company data on an ongoing basis, and legitimately send data outside the organisation. But how is this managed? When, where and how they do so could make the difference between complying with the law and regulations, and breaching them. It could be the difference between data being secure or sensitive data getting into the wrong hands, sold to a competitor, leaked on the dark web or published online for the world to see.
Ensuring data security involves more than just technology – it requires people and processes and effective communication among business units to comprehend what the outcomes will be before implementing any technology.
Graham Hosking, Data Security Solution Director, Quorum Cyber
Contextualising user insights
To help you discover who’s using your data, we contextualise user insights to understand and map employees’ behaviour over time. Crucially, we do this in a way that obfuscates their identity so that their privacy is protected and no potential individual biases in their organisation are played out against them. We apply a risk score to anonymous users and, in a red-flag event, we share the information with the business so that they can decide what action to take.
Furthermore, utilising Microsoft’s latest data management tools, including Purview and Priva, we achieve all this by applying business logic so that employees don’t need to worry about remembering the particular rules around the data they work with. This way, they won’t be able to accidentally read, access, copy or delete data.
Our comprehensive compliance service, which aligns with our suite of cyber security services, provides a host of benefits to organisations of any size and complexity, including:
- Comply with all industry and government regulations
- Gain a comprehensive view of your data landscape across your whole organisation
- Monitor user activities and behaviour (contextual user insights) to gain a better understanding of who has access to your data and how, when and where they are using it
- Identify and classify sensitive or regulated data
- Implement appropriate security controls and access policies to protect your data
- Uncover hidden risks that may be compromising data security
- Strengthen your data security posture
- Prevent data loss, data theft and exfiltration
- Mitigate against financial losses, legal action and reputational damage
- Reduce the cost of managing your data
- Improve the trust and confidence of your stakeholders
- Minimise your overall risk exposure
Find out more
Learn more about our Compliance service on our website. If you’re worried about any aspects of data governance, compliance or security, reach out to us via our website, email us at [email protected] or call us on 0333 444 0041.