Today’s data landscape is marked by two new factors. Firstly, more and more companies are becoming increasingly global thanks to their ability to do business almost anywhere through a mobile workforce. According to Forrester Research “the number of anytime, anywhere workers who use multiple devices and work outside the office has risen from 23% of the global workforce in 2011 to 29% in 2012.” A second crucial change that companies face today is the ever-growing and complex web of data privacy laws and regulations that they must adhere to. Further complicating the situation, as cited in a recent IDC report, workers are increasingly using their personal smart phones - rather than corporate phones - to carry out their work, adding to the number of data regulations that companies must comply with. Implementing compliance programs within a company's datacentre is difficult enough without having to expand them to cover employees’ personal devices. For compliance and legal reasons, IT departments must be able to rapidly locate data to meet policy requirements.
Although organisations understand the importance of securing corporate data, they often struggle to manage data protection. It is a complex and serious matter that comprises two equally important aspects: security and privacy, which must go hand-in-hand and are not interchangeable. Data security is the protection of data from destructive forces and unauthorised users, and is achieved by employing tools such as firewalls, encryption, and malware detection. Data privacy, on the other hand, deals with determining what data can be shared with third parties, in order to avoid breeches of authorised data access.
The rise of the mobile workforce means that larger organisations stand to suffer the most, as they struggle to meet data privacy obligations with so many devices in use. A mobile workforce may mean organisations have to comply with different privacy laws depending on the country where their workforce is travelling. The use of the cloud and new centralised governance solutions have helped manage the mobile workforce by providing flexibility to support employees working remotely and optimised networks make it easy to access the data safely from anywhere in the world. The cloud gave a clean slate security-wise, by obfuscating the storage of both data and metadata, by giving the ability to use encryption wisely, and with the use of authentication controls. But the main problems organisations are incurring are not to do with data security but with data privacy and this raises questions as to where data should be stored, where the encryption keys should be stored and, of course the main question: who can access the data?
So how can we manage privacy in such a challenging environment?
First, specific regions must be designated for the data to be located. For example, a German employee’s data could be stored in a German AWS datacentre but accessed from any device, anywhere in the world so that even when this employee is travelling their data is still located in Germany.
Different types of privacy requirements demand different approaches. Data residency regulations, for example, place limits on what can happen with data depending on its geographic location. Employee privacy on the other hand, is what makes organisations legally responsible for employee data (such as personal health or financial information). Corporate privacy, slightly more sensitive, is for data within an organisation that may need to be kept private from other employees (e.g., IT) - this could be the data of high level executives or human resources. But there are times when privacy rules have to be overruled, such as in a legal instance when data has to be provided for eDisclosure. For that reason, organisations must also have processes that allow people in specific roles to override privacy measures if and when required.
Mobility of the workforce has brought a whole new set of data protection necessities and measures. As big data starts streaming into containers on-demand and mobile software becomes increasingly "smart,” organisations are seeing an increasing need to implement stronger privacy measures and above all, ones that are adapted to the current realities of workforce mobility.