Regulatory Penalties Increase Data Protection Concerns
As the amount of data has increased exponentially, so has the risk related to data loss. Regulatory agencies have realized the potential risks and are setting strict standards that vary by industry and country to mitigate the effects.
Enhanced Focus on Data Protection
Regulatory compliance is already a fact of life for many organizations, but the stakes are rising with new regulations placing greater emphasis on data protection and increased penalties for noncompliance. One new regulation, set to go into effect in May 2018, is the EU General Data Protection Regulation (GDPR), a legal mandate to improve data protection standards for all EU member states and any organization that collects and processes information related to EU citizens. It aims to address the increase in the number of security breaches and how technology advances since the previous legislation are increasing digitization and the growing need to tackle data privacy globally.
Although there is still some time before compliance with GDPR is mandatory, the legislation is spurring organizations concerned about potential sanctions. Enterprises must develop new approaches to data protection and resiliency that enable greater data availability, better reporting capabilities and more robust services levels.
Developing Greater Resiliency
IBM’s Resiliency Services Framework offers a seven-step program to help organizations identify and resolve risks and vulnerabilities within both the physical and virtual layers of their enterprise so that they can achieve greater resiliency.
The program provides a framework to ensure industry and corporate standards for business continuity, disaster recovery, resiliency, regulatory compliance and security are met in all areas of an enterprise’s operations. Each phase of the program is interdependent, meaning that companies must complete each of the steps to achieve true resiliency throughout all operations.
The first step involves an organization examining its business strategy and vision to ensure that these align with enterprise goals. The organization should then determine what changes it needs to make to build a successful resiliency plan. It must define a committed executive sponsor for the resiliency program and map out the roles and responsibilities of everyone involved.
Then, the company creates processes to support and sustain resilient business operations and maintains an infrastructure that can withstand disruptive events so that business operations can continue.
The next two steps are entwined and focus on applications and data. Organizations must examine applications that enable the business to run and evaluate how data is collected and shared across multiple applications and data sources. The core goal of these steps is to ensure that data is adequately protected.
The sixth step involves examining the IT infrastructure to gauge whether it is optimized for the needs of the particular organization. This should include looking at which workloads are placed in the cloud and whether there are sufficient recovery procedures in place for all parts of the environment. The final step involves evaluating the physical facilities to ensure that they are optimized for near-continuous availability and determining what alternatives may be needed in the event of a disaster.
Adopting a framework such as this that holistically analyzes all parts of operations will help organizations achieve greater resiliency to enable enhanced data security and regulatory compliance.