Date: 2021-04-22

[Sponsored Article]

The Covid-driven surge in online traffic accelerated the rise of the digital economy, ushering in an era of dramatic change for much of the business world. Indeed, estimates show the amount of new electronic data created over the next three years will be more than that created over the past 30. With that, though, come heightened concerns about data security and privacy, an issue which affects every exchange or transaction, and one with major implications for companies and consumers.

A recent survey found that 54 per cent of organizations say lack of visibility in this respect is a major concern. So, as digital footprints expand, the key is to find the right balance between transparency and protection of user data. On one side that means enabling easy access to online services, trading platforms, and the realms of e-commerce. On the other, it is all about safeguarding sensitive information, preventing misuse, and respecting relevant regulations on governance and compliance.

“We always point out that three things should go hand in hand: awareness, security and compliance,” says Harry Pun, senior executive with Microsoft Greater China’s cybersecurity solutions group.

These days, with so many companies eager to switch to the cloud and digitalize operations, Pun emphasizes the importance of taking a strategic approach to implementing risk controls. For Microsoft, that means first laying the groundwork by identifying where data on customers, regulations, employees and commercial deals is actually located. The next step is to classify that data, which is rarely straightforward.
The best approach is to assign clear labels to designate, for instance, non-business information, data which is and isn’t meant for public consumption, confidential files which could harm the business if “overshared”, and highly confidential material, including trade secrets.

For larger companies, a usual point of reference is the General Data Protection Regulation (GDPR), and the initial process should create rules for saving, deleting and safeguarding data before rolling out new tools. It also makes sense to consult in-house legal and HR teams on anything relating to governance, risk and compliance, and on promoting education and awareness among staff and business partners.

“On the technical side, it is important for us to understand each customer’s individual needs,” says Nelson Yuen, advanced compliance global black belt with Microsoft Asia’s cybersecurity solutions group.

In passing, Yuen also notes that the total amount of data is doubling every two years. In the corporate context, that stems in part from the switch to remote work, with employees using a wide range of their own devices to communicate with colleagues and access the office environment. What ensues is a need to avert the increasing possibility of data leakage, outside breaches and insider risks.

Here, though, the Microsoft 365 solution enables organizations to use machine learning to detect, investigate, and act on malicious and unintentional activities. Privacy is built in, and anonymity controls ensure data about risk is appropriately managed across different digital estates.

“In the past, it was easy to locate everything in a file server assigned to a department, and all PCs were provided by the company, so privacy and protection policies could be uniformly applied,” Yuen says. “But now, there often seem to be no boundaries on what information is internal or external, and no proper governance of what is private data.
A PowerPoint presentation which can go everywhere can’t be handled the same way as contractual information or a key pre-launch marketing document.”

So, besides investing in suitable technologies, companies should seek advice on fixing proper rights of usage and defining clear rules for sharing confidential information in and outside their organizations. This leads, of course, into the area of corporate governance, industry regulation, and the more generic aspects of law enforcement, all of which have to be taken fully into account.

“Under the GDPR, high penalties can be imposed for failures in data protection and governance,” says Pun. With that in mind, he notes that Microsoft makes a point of maintaining close contact with regulatory bodies to keep them informed about the latest technologies in areas such as cloud enablement and what end-users expect.

“Regulations have to be up-to-date and relevant, not least because cyber crime’s ‘bad actors’ are becoming more organized,” Pun says. “When it comes to information protection and governance strategies, tailor-made solutions are required. Companies should invest in the right technologies and have well-defined policies to protect their data and minimize risks.”