Visibility is one of the fundamental Data Security strategies as you can’t protect what you can’t see!
Having no visibility leaves you in the dark on “Where” your data is, “What” it is being used for and “Who” is using it. The three W’s simplifies the most basic need to knows when it comes to Data Security and forms the building blocks of your Visibility initiative. Visibility will always provide building blocks towards Data Mapping. When talking about data mapping in a data security context it refers to understanding what data you are collecting, processing, sharing and storing. Data Mapping from a data science perspective adds the ability to establish relationships between separate data models and provide a better understanding and making integration possible.
In order to start your Visibility initiative you will need:
- Access to each departments Data Steward/Data Protection Officer.
- Data Steward is a person, per department, that is responsible for that departments data governance. They assist the data governance team by maintaining data control and management on a day to day basis.
- Data Protection Officer (or Deputy data protection officer) is a person, per department, that is responsible for that departments data security. They assist the data governance team by maintaining data control, ensuring the relevant frameworks are being followed and applied and data management
- A tool that can assist in discovering your data.
- To remember that Data Security is a Business responsibility and it is a Journey, not a sprint.
Discovery is always best started with a specific goal in mind. If you just discover everything in the organisation it could be pretty intimidating to work through.
- Start with POPIA or GDPR as the framework to comply to.
- Involve different business units to understand:
- What is sensitive data in their environment.
- Where is their operational documents stored.
- Who is allowed to send operation documents and reports.
- Who are approved third parties that they work with.
Once you are discovering Data in your environment you will be able to identify “Where” data is moving and stored, “What” applications or processes are using it and “Who” is using and sharing it. This forms the base building blocks to start Data mapping from.