STOP LOOKING AT THE SUN WITH A SIEVE: ENJOY THE GDPR!
Mar 14th 2018
Information security is the order of the day. Constant attacks on IT systems are creating more or less intricate situations for companies’ management. But information security has many different dimensions.
Ransomware is one of the latest sources of concern, as hackers enter and encrypt discs that contain vital business information. If you fail to pay a ransom, you’ll become unable to access information, which can be more or less valuable for your company. It all depends on whether or not you have updated backups, and on your capacity and speed to restore safeguarded information.
Most companies do not have any business continuity plans, which can be quite inconvenient and unreasonable these days. Hiring an auditor to assess the state of your information systems, and then implementing his/her recommendations, may not be cheap, we give you that. But won’t it be much cheaper than losing your information? Or worse, if data is tampered with on purpose, can you still be sure that you are making the right decisions?
Another dimension of information security also on the agenda is the General Data Protection Regulation (GDPR). Very soon, on May 25, 2018, the GDPR enters into force, and its consequences, although widely discussed and disseminated in various forums, are not being fully measured by companies.
In most events on this subject, the regulatory and legal information and consequences are presented from a negative angle, i.e. stressing the weight of fines, penalties, etc., which can lead a business to bankruptcy. Few show the great opportunity and benefits that implementing the GDPR can bring to companies. So it seems reasonable to ask whether and how, in fact, companies can benefit from this type of regulation.
During my many years of auditing and consulting, I have worked for companies of all kinds and in almost every business sector. Many of them have implemented integrated systems of the ERP (Enterprise Resource Planning) type. This need had a huge boost in the 90s of the last century, but it is still present today.
“A business without an ERP is not well managed for sure!” – this is something that we often hear. However, not many know what is behind the ERP acronym. Well, it’s quite easy: it’s the biggest attempt ever to create a machine containing the most varied business processes of any company.
Attempted and achieved in most cases, but systematically bombarded in its foundations by the creativity and innovation of other much more complex and dynamic "machines" – people! And here is where one of the biggest and most famous "artillery pieces" comes in to confront the "almighty ERP": spreadsheets. What is even more incredible is that these tireless “guerrillas” began to win one battle after another, almost winning the war.
But then came the ERP "retaliation", the notorious Cloud ERP, with all its arguments of security, scalability, accessibility, integrity, as-you-need-it functionality, etc. Could it beat the spreadsheets? Well, at this point we can say not yet, because they have retaliated and turned the Cloud in their favor.
Meanwhile, other forces have entered the business management panorama - Mobile and Apps. These are new and complex forces, since they both support information integration (they help the ERP) and are "turncoats", striving to become independent by innovating in the business models and functionality they provide to companies.
Faced with this scenario of complexity, flexibility and increasing variability, why not take advantage of the GDPR to put some order in the house and start true and consistent information management?
With so many ongoing battles, the GDPR can be an element of stability, fundamental for the control of information by companies. The "big guerrillas" are also the biggest factor of uncontrolled information. Practical, fast and productive, they are also easy to copy, send, change and customize. They are the biggest source of unsafe information and one of the most valuable assets for people who change jobs, especially if they are hired by the competition.
It is, therefore, the right time to stop looking at the sun with a sieve and use the GDPR to evolve substantially in your information management. Frame the GDPR into a Digital Transformation process that guarantees information security, but also its availability and integrity, while increasing the levels of effectiveness and efficiency of your company and consequently your competitive edge.
Written by José Pedro Gonçalves, Security Lead at Cleverti