What does the exploitation of data represent in a company today?
William Marcy: In the past, all software solutions were sent to the IT department. Little by little, the trades evolved and needed new tools. These tools have generated new data, which is not necessarily structured in the same way. Data has become a strategic asset. she is now the most valuable asset to improve the management of your business. The future of a society is measured by the data it stores, analyzes, manipulates and sends. Data enables you to make the most informed decisions, make predictions, and gain market share.
But today, the volume of enterprise data is skyrocketing, in terms of quality, quantity and sources. Therefore, our clients need effective solutions to centralize, exploit and protect their data. Indeed, if they tend to be more and more open and accessible, they must be so, above all, in a controlled and secure way.
Mathieu Charbois: And that is the real question that companies must ask themselves today! They must ask themselves how to exploit the full potential and richness of their data, without fearing a cyberattack. It is a risk they cannot escape: companies will be attacked, it is now a certainty. As proof, last year, more than one in two companies has suffered a cyberattack.
To anticipate it as well as possible, we must not wonder if it will take place. On the other hand, you have to project yourself into the “when” and the “how”. This forecast is effective for implementing an organization’s cybersecurity, risk management, and technical solutions capable of reducing the probability and impact of a cyberattack. This is the subject of our latest guide.
How do you support businesses against the threat, while leveraging the wealth of their data?
WM: First we help them use their data, to understand the problems and the different types of data. The goal here is to store, query, or exchange data efficiently and securely. To control all this data, governance mechanisms are essential. We implement them with our clients to:
- Industrialized data processing;
- Check its quality and reliability;
- Have a vision of its relevance, its evolution and its traceability.
The Business Intelligence platforms made available to them allow them to exploit this data thanks to indicators of performance (visuals, dashboards, etc.). Therefore, companies make sure they are using the right data, at the right time, following the right management rules and the right business rules.
The projects are multiple, strategic and structuring for a company: deployment of a CRM, implementation/migration of an ERP and implementation of analytical solutions. As a result, companies are faced with a large volume of data. Amounts of data is shared every second between the different servers and is therefore mostly exposed. The security aspect is now part of every project. As such, it must be evaluated at all times, before, during and after the deployment of the different projects. This increased vigilance reduces the risk of theft or compromise.
MC: Indeed, companies tend to leave this aspect in the background. However, it is at this stage that the situation can become critical. As soon as the project is delivered, it is necessary to audit the system and its interconnections, to continually ensure that it does not present new failures or threats. Companies often consult us with these two main problems of operating and securing their data. Then they ask us in what order to move forward. In reality, it all depends on your maturity, the bulk of your project, and the security measures that your information system puts in place.
Take the case of a company in the middle of a data reflection. Which are the steps to follow?
MC: It is essential to integrate an ISP approach (Integration of Security in Projects) from the beginning of the project. Attending above all to the needs and imperatives of security, the company saves time and anticipates audits, through solutions that meet both business needs and security concerns. This precaution avoids any intervention downstream of the project, to try to secure a solution already developed. If you want to integrate security effectively, you must first think globally and in an optimized way.
And in the case of a company that has already launched Data projects?
MC: A company can go further by first detecting failures in its computer system. Then you can implement protective measures as soon as possible. At this stage, the company must be in a position to take preventive or corrective measures on its assets, such as in supply chains, production or services. Thus, you can preserve its integrity.
The implementation of constant operations of Maintenance in Operational Condition (MCO) of the information system must be complemented with operations of Maintenance in Safe Condition (MCS), many times passed to the background. This will involve, among other things, actions of:
- Technological surveillance, to identify and list security vulnerabilities;
- An analysis of the impact of the breach on the company’s assets;
- An assessment of the criticality of these defects;
- The implementation of preventive actions;
- Recurring tests ensured by the implementation of pentest;
- Organizational audits to validate the effectiveness of these actions.
What limitations and issues related to the use of data?
WM: I would cite governance and data integrity. As I said before, the volume of data is constantly growing, because data is born at all levels of a company. The most visible consequence is loss of control. Sometimes an employee is not even aware that the data received and made available to others contains inappropriate or inaccurate and therefore unreliable information. This “data proliferation” is present in many companies, then unable to cope with the rate and volume of data entering their systems.
To ensure data quality and security, the establishment of governance (control and protection of data, processes, roles, policies, standards and measures…) is fundamental. All these aspects ensure the effective use of information, to help companies achieve their objectives by establishing processes and responsibilities.
This issue should be at the center of a company’s concerns. In fact, a company can have the rarest data on the market. However, if they are unreliable, non-conforming, or unusable due to their form, they will be useless, even be harmful to him in their ability to make the right decisions.
MC: In fact, to implement good data governance, the implementation of an Information Security Management System (ISMS) is the most appropriate solution. It is a true pillar of security governance. It makes it possible to commit, in a framed manner, a set of security measures to effectively manage an approach to securing the IS. There are tools like APOS to manage your ISMS and the governance of your cybersecurity.
Let’s go back for a moment to the limitations that a company that manages data faces. We could cite regulatory compliance: many laws and regulations require companies to protect the data of their customers and employees. Therefore, the company must comply with these rules. This is the case for companies that manage health data, and that must obtain Health Data Hosting (HDS) certification, based on the ISO 27001 standard or, more commonly, GDPR compliance, for any company that processes personal data.
Do you have a last word?
MC: Cybersecurity can no longer be a neglected topic in any type of IT project, and particularly in data projects. In fact, external attackers seek prioritize sensitive and strategic data of a company, to demand ransoms for example. In addition, cybersecurity, if it is taken into account before a project, does not represent a cost or a brake on innovation.
WM: Working hand in hand, security and the Data project can bring enormous added value and competitive advantages to a company. Then you can look to the future with confidence and ambition. It is important to work with a trusted long-term partner. We’ve seen it for 20 years, as specialists in consulting, implementing, integrating, and hosting our solutions (Editor’s Note: Microsoft, SAP, Talend, and Salesforce).
Our support is differentiated by our knowledge of different sectors of activity, ETIs and large companies. Knowledge acquired through our experiences and our R+D+i center. We also retain complete management of our projects and support for all of our facilities. Ultimately, we are committed to our results for our clients.
TVH Consulting also has experience in cybersecurity to support its clients in your 360° security strategy, the information system ensuring its regulatory compliance (ISO27001, HDS, LPM, GDPR, etc.), but also supporting them in technical audits and intrusion tests. The development of the group has accelerated for more than a year and allows us to enrich our experience around the information system of companies.
This content was produced with SCRIBEO. The BFMBUSINESS editorial team was not involved in the production of this content.
Source: BFM TV
