French cloud computing pioneer OVHcloud data centre in Beauharnois on the outskirts of Montreal. – © AFP/File SPENCER PLATT
Records and Information Management month, an event marked in the U.S., has seen a wave of activity about data protection and security. Those tasked with this data function are responsible for establishing and implementing policies, systems, and procedures to capture, create, access, distribute, use, store, secure, retrieve, and ensure disposition of an organization’s records and information.
Looking into the successes of the current round of records and information awareness for Digital Journal is Cloudian CTO Gary Ogasawara.
Considering the event in general terms, Ogasawara notes: “Records and Information Management is intended to bring greater awareness and recognition to Records and Information Management practitioners and the vital role they play in today’s digital-driven world. They are responsible for the consistent quality, accuracy, and security of one of an organization’s most valuable assets – its data.”
This is easier said than done and there are plenty of challenges: “These IT professionals face the challenge of managing ever-growing data volumes, many industry verticals present additional requirements that must be met. For example, medical records are governed by multiple rules and regulations, including the need to retain them for years or even decades. Likewise, while rich data is invaluable for a competitive edge, personally identifiable information (PII) that healthcare, financial services, retail and many other industries collect is also subject to stringent compliance regulations from HIPAA to GDPR to CCPA, and so on.”
Ogasawara next breakdown the essential elements of businesses systems that need to be considered: “One of the most critical Records and Information Management responsibilities is data protection, which has become increasingly difficult given the pervasiveness of today’s ransomware threat. Until recently, much of the focus in addressing this threat has centered on perimeter security solutions such as anti-malware software and anti-phishing training for employees.”
The landscape has shifted somewhat, as Ogasawara points out: “However, as these defenses have increasingly fallen short in keeping ransomware out, there is growing recognition of the need to employ systems and processes that enable quick recovery of data in the event of a ransomware attack.”
Should an issue happen, Ogasawara recommends: “One of the keys to such recovery is having an immutable data backup copy, which prevents cybercriminals from altering or deleting that data and, thereby, allows victims of a ransomware attack to restore the unchanged backup copy without having to pay ransom.”
Ogasawara adds a further consideration: “In the case of sensitive data, it’s also important for organizations to encrypt that data both in flight and at rest. By doing so, they can prevent cybercriminals from reading or making the data public in any intelligible form, which eliminates the other aspect of ransomware extortion.”