By Ariel Amster
It’s been said that “with great power comes great responsibility.” And when it comes to leveraging the power of Big Data, organizations have a responsibility to manage vast stores of sensitive data in order to meet strict compliance rules. But in light of ever-growing regulations that govern data storage, data access and analysis, and data integrity throughout its lifecycle, staying compliant can be a formidable task for any organization.
For those who are concerned with how to keep their Big Data initiatives in step with current regulations, here’s an overview of the compliance challenges many organizations face when using big data, and how to meet them.
Rapid Data Growth
Today’s organizations are being deluged by data pouring in from multiple channels. As a result, many organizations lack the capacity, systems or processes to handle this ongoing flood of data, let alone stay compliant with respect to storing and analyzing it all.
The first step for organizations in meeting the challenges presented by vast and rapid data growth is to implement data mapping. This process of mapping the flow of all data within the entire ecosystem of the organization helps to identify and classify every type of data and to ensure that it is stored, accessed, and protected properly at all times. Should a compliance audit occur, data mapping will help to make information easily discoverable, allowing auditors to quickly find whatever information, be it emails, chats, or transactions, they request.
Thanks to Hadoop on cloud, there are a number of technologies available that allow organizations to map the data flow and automate the data management process.
Mobile (BYOD) Policies
The proliferation of mobile devices such as tablets and smartphones has resulted in increased employee pressure on organizations to implement Bring Your Own Device (BYOD) policies in the workplace. But allowing employees to use their own personal devices to accomplish work-related tasks has opened up a compliance can of worms for many organizations. While they may increase employee productivity by allowing instant access to the corporate network from anywhere and at any time, mobile devices by definition pose inherent compliance risks. For starters, lost devices and vulnerable apps pose big security risks, not to mention the risks incurred by employees accessing sensitive corporate data on unsecured networks. In addition, today’s mobile devices have huge storage capacity, and any corporate information that ends up being stored on such devices ends up being outside organizational safeguards and control.
In order to leverage the many benefits of a BYOD policy in the workforce, organizations need to implement and enforce clear policies that enable employees to use the mobile devices that they want to use at work, at the same time ensuring security and compliance.
Legacy Data Management
Thanks to big data technology, the costs to organizations for storing data are decreasing, which means that the volume of stored data is dramatically increasing. As a result, many organizations are failing to address the importance of properly maintaining their legacy data. That’s because older data, for the most part, is not actively being used. However, there are specific regulations that govern the proper storage and management of legacy data, and organizations need to become acquainted with these and implement appropriate steps to keep legacy data secure while remaining compliant.
According to guidelines issued by the Sedona Conference—a research and educational institute designed to create a culture of compliance within organizations—“Information should be retained as long as it has business-related value to an organization, or is required by law or regulation to be retained.”
What this means for organizations with respect to legacy data is that if they no longer need it they should purge it. That’s good advice, since companies are responsible—and can be held liable—for all data stored on their systems.
As high-profile data breaches become more commonplace, state and federal data breach notification laws will continue to be updated on a regular basis.
With respect to data security, organizations in specific industries will continue to be governed by strong regulatory requirements, such as those mandated by HIPAA in the healthcare industry. And as far as standards are concerned, more stringent updates on specific regulations that mandate the proper storage, mapping, and protection of all organizational data—both at rest and in transit—are becoming more and more common.
Big Data holds big promises for organizations that can capture, store, and analyze vast amounts of sensitive data properly and safely. However, non-compliance with current regulations regarding proper data management can lead to big penalties. Going forward, those organizations that operate within the “sweet spot” that lies between analyzing data for optimal business insights and staying fully compliant with the rules and regulations that govern data usage stand to gain a serious competitive edge. Fortunately, Hadoop on cloud tools that automate the data management process can help organizations find and maintain that delicate balance.