The greening of privacy: Key steps to data sustainability

Neil Correa, Cyber Security Strategist, CyberRes
 

Most organizations today collect far more data than they require for their business operations, simply because they can. By my company's estimates, on average, some 60% of the data that organizations collect is unused because it is either redundant, obsolete, or trivial. By eliminating this data—or by not collecting it in the first place—businesses can cut down on storage requirements and costs while also supporting sustainability objectives by using less energy.

Adopting and enforcing lean data collection, data use, and data storage practices can contribute in a significant way to corporate social responsibility (CSR) and sustainability goals, while also ensuring better security and privacy.

A lean data approach also gives organizations an opportunity to better align data security and privacy requirements with corporate sustainability initiatives. The traditional mindset for security is to collect everything and store it for as long as possible, whether you actually require the data or not. This often makes organizations a high-value target for cyber adversaries focused on gathering sensitive data and using it for blackmail, extortion, identity theft, and other malicious purposes.

Here's how to get started on a sustainable path with your data.

Store only what you need

Security teams at businesses and government entities are constantly scrambling to keep up with new risks stemming from the adoption of IoT, cloud, and mobile platforms. But even well-prepared organizations are often unable to keep out adversaries who are intent on breaking into their networks to access and compromise sensitive datasets. Businesses and government organizations can reduce their data footprint and present less of a target for adversaries by only collecting and storing data they need.

Reducing the amount of data that you collect, share, and store makes sense if you are a privacy person. Global privacy mandates such as the EU's GDPR and California's CCPA require organizations to give consumers more control over their data. Notification and transparency have become key requirements for collecting data, as have concepts such as data minimization and the right for consumers to ask organizations to rectify, erase, or make data portable across different services.

Increasingly, it has become important for organizations to ensure that they collect data only for valid business purposes and have robust policies for data retention, management, and disposal. A lean data framework can go a long way toward enabling these objectives while also ensuring that business can continue to innovate and drive new revenue through consumer analytics.

Join the green thinking wave

Sustainability, with a focus on climate change, is receiving an increased level of attention within organizations because of the Paris Agreement on climate change and its emphasis on low-carbon goods and services. So, tying together security, privacy, and sustainability would be something that hits a high note with the board of directors. Going green has become a high-priority item at the highest levels within businesses and government organizations. Customers, too, are beginning to hold vendors a bit more accountable for their carbon footprint and sustainability practices.

Where do you begin the effort to align security and privacy efforts with corporate sustainability goals, and who should lead the effort?

Know your data footprint

A good place to start would be to understand your data footprint through a data discovery initiative. Identify what you have; eliminate the redundant, obsolete, and trivial data; and then apply policies to follow the remaining data through its lifecycle. Remove or minimize data from environments that are at risk of being breached because they don't have enough protective controls. Classify and categorize the data based on privacy requirements, your storage and retention management policies, and the criticality or level of risk to the data. From a security perspective, leverage technology to encrypt sensitive data.

Centralize data control

Once that framework has been put in place, you have more control over your data. You can apply policies, so data is automatically removed or centrally archived when it is no longer needed. The approach allows you to address privacy requirements and reduce risk from a security standpoint while also aligning with sustainability practices to lower your energy footprint.

Get buy-in beyond the CISO

Any effort to tie security, privacy, and sustainability with a focus on climate change has to start from the top. Many boards generally have CSR subcommittees and initiatives around sustainability that care much more about this than the CISO or the CIO. Privacy teams are likely to buy into it more so than security. At this point, security leaders don’t care much about sustainability unless someone is asking them about it, and that can only come from the top down.

Note to self: Tech is an enabler

We need to go back to the original intent of technology, which is to be an enabler. Every technology initiative should have, as part of the business case, the most sustainable approach to addressing your business needs and risks. How much does this cost? What resources are required? Is this the most sustainable approach?

These are the sort of questions that you need to embed into your decision-making process. Ultimately, the biggest risk is if nothing happens. If you do nothing, your future as a global organization will be weak.
