Digital innovation has become a main driver of competitive advantage, no matter the size of an organisation. Business and technology leaders are under growing pressure to drive digital transformation and do it both quickly and with the right levels of security controls.

But meeting security and compliance regulations alongside internal guidelines has become a real hurdle, with regulations becoming increasingly complex and data breaches now daily events.

“Most business leaders will tell you that the two are in conflict — a growing number of Australian organisations are struggling to achieve one without compromising the other,” Anoop Dhankhar, country manager of ANZ at MongoDB, said.

“But this dichotomy doesn’t have to be a reality, and with the right approach, innovation and regulatory compliance can support each other.

“Companies need to better understand core data management principles — in many cases today, it’s data that drives innovation, and of course, for security and resilience purposes, it’s the data that needs to be protected and secured.”

Solving infrastructure complexity

Pressure for businesses to adopt digital technologies and be seen as “cloud-first” in recent years has resulted in a rush to the cloud, according to Mr Dhankhar.

This approach has led to even more data silos, complexity and security gaps. It means businesses are now spending precious time maintaining multiple different data models, integrating data sources, and bolting on security fixes instead of innovating.

This worsens when organisations start adding niche databases to build their growing features portfolio, creating more places for data to live, more data to integrate and an increased surface area for attack, making both innovation and security of data difficult.

“We are now also seeing some examples of this in Europe, where GDPR and the ‘right to erasure’ has greatly challenged organisations, not because they technically couldn’t delete information, but because they often weren’t sure where their user data was stored,” Mr Dhankhar said.

“In Australia, similar regulations are being drawn. From the review of the Privacy Act and the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 to more targeted regulations such as APRA’s CPS 230 aimed at the financial services sector. Organisations will likely face greater security and compliance challenges that will impede their ability to innovate if they don’t adopt better cloud and data management strategies.”

Embedded security for data resilience and compliance

For many businesses, building data resilience is not about adding layers to existing digital infrastructures but adjusting mindsets and workflows around how existing technologies are used, according to Mr Dhankhar. Embedding cyber security posture and resilience across the organisation can better streamline the process.

Mr Dhankhar said it was important for businesses to choose data models that fit the way data today is being used and shared.

It was also crucial to start consolidating around platforms that make data secure by default.

“It’s about protecting the data itself so no matter how it is being used, where it is being stored, and whom it is being shared with, it needs to be secure and encrypted by default,” Mr Dhankhar said.

“The starting point is to consolidate platforms to solve multiple problems. This consolidation allows innovation to occur as it allows search, mobile and visualisation tooling, which are all heavily data-reliant, and of course, integrated data security in the one platform.

“Compliance, security and innovation are not irreconcilable. They are compatible. It is about changing the mindset and workflows around how data and cloud are being used, and offering developers tools that are designed to solve today’s problems to continue to drive innovation.”
