Why data security is an essential investment

One of the biggest priorities relating to data at the moment is privacy, according to Colin Forrester, Business Development Manager at safety and security company UL. “Any company holding data about people has to be extremely careful when it comes to privacy and protecting that data. GDPR [new regulations governing data protection that come into force across the EU including the UK in 2018] will go much further than previous data protection laws, making organisations much more accountable,” Forrester explains. “This will be backed up by punitive fines for firms that don’t protect data effectively – punishment could include 4% of annual turnover or €20 million, whichever is higher.

 

“While there will be reputational damage due to data leaks for organisations, the potential for severe fines is likely to be the biggest driver for change this year and next,” he adds.

 

Brojak also believes that GDPR is pushing data up the corporate agenda: “It’s a shame that regulatory change and threats of fines are the catalyst, but in some cases that’s what it takes, and any resulting investment and improvement will benefit companies in the longer term.”

 

Another driver for businesses is the growing shift towards more internet-enabled devices, known as the Industrial Internet of Things (IIoT). The connectivity and automation that IIoT create can drive significant efficiencies for businesses (see our in-depth article), and the data that is created from these devices that is particularly valuable.

 

Many manufacturers are taking steps towards IIoT as part of their MRO strategy, for example, by investing in technology that allows them to predict maintenance needs before machines fail – this sort of data is hugely valuable, and can save significant amounts for organisations using it correctly, it also needs to be protected.

 

“One of the biggest benefits of IoT is the fact it generates data for your organisation to analyse,” says Forrester. “This is incredibly valuable, but it’s also essential that you take the right steps to protect those devices and the data they generate.”

 

For some companies, the potential risks have put them off even contemplating introducing IIoT, but to Mike Brojak this is akin to sticking your head in the sand. “Fear of risk is an understandable human reaction,” he says. “Thirty years ago, businesses could adopt a ‘wait and see’ strategy when it came to innovations – it was quite effective to let others take the risks and then follow behind once success was proven, but now technology and change is happening so quickly it’s very easy to be left behind.

 

“IIoT is coming to every industry, so there is no point in ignoring it,” he adds. “The key is to take some risk, mitigate that by having a good security strategy and gain the benefits of adopting IIoT while your rivals may be holding back. All of the big companies that base their business on data – from Amazon to Netflix – are always at risk of having their data hacked, but those risks are far outweighed by the rewards. They take all possible steps to protect themselves and they are growing at an incredible rate.”

 

So what is a good data security strategy? Forrester believes that it comes down to understanding the implications of new technology: “Individual computers, company networks and personal work devices are usually well protected, but IIoT devices are often more limited in terms of what protection can be applied. He explains “Nevertheless, every single new device that is IoT-enabled needs to be appropriately protected, which includes avoiding the use of common, default passwords through to ensuring any embedded software can be updated to fix vulnerabilities that may be identified during the product’s lifecycle.”

 

 

While Brojak acknowledges that companies should all have strong security measures, he believes that a key area that is sometimes ignored is internal co-operation. “I often see companies that separate out data and physical security – in many cases, they invest lots of money into digital security to put firewalls and anti-hacking software in place (which is good), but then ignore physical risks in terms of basic employee training or access to their premises or devices.

 

“There was one instance when a large corporation had great digital security, but the ethernet ports in their reception allowed people to plug straight into their corporate network rather than the guest one,” he adds. “Often this sort of thing happens because the IT department and the facilities department are operating separately, when they should be working together to reduce the chance of a security breach.”

“This principle of digital and physical security especially applies to IIoT as it bridges physical spaces and IT systems. Connected devices should be seen as an extension of the conventional IT. After all, they are embedded computers subject to the same IT security rules as any server or a laptop.”

 

When it comes to introducing IIoT the initial set-up phase is crucial, which is why RS has been helping its customers make the transition. “Here at RS we’re also in the middle of a digital transformation where we have gone from being a physical catalogue-based distributor to the point where a large amount of our sales come through ecommerce,” explains Brojak. “As such, there is a great deal of understanding in our business of the sort of challenges our customers are facing as they move towards a more data-focused operation.

 

“This puts us in a strong position to assist our customers,” he adds. “While we provide the hardware to make IIoT possible, we have also recently helped customers (either through our own team, or via partnerships with the likes of UL) in a more holistic way to set up IIoT to boost their productivity, while also achieving security levels that are appropriate to their specific needs.”