On a recent beach holiday, while basking in the tranquillity of the island, an inspiring thought came to me as a golden retriever approached and checked me for any signs of danger. What if there is a correlation between the animal kingdom and how we look at data privacy and security?
I started to research how wildlife, individuals and organisations play host to our own set of predators and protectors in our modern world's ever-shifting landscapes, where the battlegrounds are digital, predators are hidden in code, and we need to balance our rights to privacy and the unyielding advancement of technology.
In this blog, I explore parallels between the survival of the fittest in both nature and the digital sphere, and examine how strategies must evolve and adapt, as hackers and digital poachers become more sophisticated in their methods.
Lions exhibit territorial behaviours to safeguard their pride. Although lions have no natural predators, their cubs remain vulnerable to potential attacks. In the hierarchy of the animal kingdom, male lions, often dubbed the 'Kings of the Jungle', diligently mark their territories, emitting resonating roars to dissuade intruders and reinforce their dominance.
Similarly, in the world of data privacy and security, you need to keep your ‘territory’ safe. A good place to start is by assessing which of the data you store is sensitive, and then looking beyond the digital realm when assessing threats. Everyday actions, such as jotting down Personally Identifiable Information (PII) on a notepad for routine tasks, can unexpectedly expose vulnerabilities.
According to a study by the Ponemon Institute, insider threats can range from 46 incidents (largest) to 1 incident (smallest) for a given company, broken down into three insider profiles: employee or contractor negligence, criminal/malicious insider, and credential thief (imposter risk). So make sure that you have implemented the correct roles and authorisations to keep your data secure.
In the context of SAP, consider a Governance, Risk Management and Compliance (GRC) solution that can give you quick insight into who has access to what data/transactions. When it comes to non-production systems, you can reduce the risk to your ‘territory’ by scrambling data and not having PII data visible to a broader development or testing group.
Elephants have a remarkable ability to locate distant water sources, and it’s been proved that they have good memories. They navigate their surroundings with purpose and heightened awareness, using their exceptional memory to recall dangerous situations and old feeding grounds, ensuring their survival in the wild over extended periods.
So, what can elephants’ behaviour teach us? The notion of longevity and resilience raises some questions: How can you fortify your own company security for short- and long-term application? What does it mean to embark on a journey to pinpoint and map PII throughout your digital ecosystem and business history?
In the SAP context, you need to get a better understanding of where data is stored. SAP’s data model stores data in different tables and areas, and how data is linked is quite different from other ERP systems. You also need to consider how your SAP systems have been customised over the years. An in-depth assessment of your SAP system will give you the insights to map and create a security plan. Security isn’t a one-size-fits-all approach: you need to consider your organisation’s needs and risks as you proceed.
Much like the cooperative dynamics within elephant herds, partnering with the right ally to support you in your data privacy and security journey is important. Your team should include legal, technology (IT) and business representatives.
Soaring through the skies with excellent vision, hawks can focus on distant prey with precision, despite the prey being camouflaged. Found in diverse habitats ranging from tropical regions with high rainfall to arid landscapes, these remarkable birds thrive across the earth. They exhibit an energy-efficient hunting and migratory technique, skilfully using wind currents to glide over great distances while conserving energy through minimal wing flapping.
Drawing a compelling analogy, these avian predators underscore the need for vigilant observation when it comes to privacy compliance around the globe. As an organisation that runs SAP, you need to consider how you will respond to a Subject Access Request. For example, under GDPR, this applies to all European residents.
According to the ICO, Subject Access Requests can be made to find out:
As SAP doesn’t deliver an out-of-the-box solution to comply with this legislation, you could consider a solution like the EPI-USE Labs’ Data Privacy Suite for SAP that allows you to disclose the data, redact it if needed, and also look at longer-term retention policies.
You should also look at whether you acquired the necessary permissions to use the data for testing and training purposes. If you are using system copies, you could have employee, business partner and vendor data that is personally identifiable.
To get that ‘hawk’s-eye’ vision for your landscape, explore how you can get a proactive alerting system in place. Splunk is one of the best-of-breed solutions that can give you an overview of your full landscape, including SAP.
In the world of unusual inspiration, consider the lowly maggot – not exactly a creature associated with grandeur, yet surprisingly adept at its task. Maggots, notorious for their appetite for decaying organic matter, play a unique role in larvae therapy by cleaning wounds. Their remarkable ability to consume dead tissue and harmful bacteria, leaving healthy flesh to heal, offers an intriguing analogy for data management.
Much like these industrious creatures, SAP professionals need to take a comprehensive approach to data privacy. Just as maggots clean only the decayed and rotten material, you need to evaluate data systems with a discerning eye, identifying and removing excess and unnecessary data that may clutter the digital landscape.
The recommendation is to discover the answer to these main questions:
Wolves exhibit remarkable synergy within their packs, with each member contributing their unique strengths to ensure collective well-being. They are constantly vigilant, and adapt quickly to threats, relying on their acute senses to detect changes in their environment.
Similarly, audit and review processes integrate various layers of expertise and assessment, forming a cohesive strategy for data protection. The ongoing audit and review procedures for data security and privacy require vigilance and adaptability. These procedures employ advanced tools to identify potential vulnerabilities and breaches as business changes arise.
The pack's social structure, where experienced wolves guide the young, mirrors the relationship that may occur during audits for compliance, security, or privacy: acting before a potential threat affects an individual, an employee, or the whole enterprise helps to navigate the complex terrain of digital security.
By embracing the spirit of a wolf pack, organisations forge a resilient path, ever-watchful and ready to defend against emerging threats in the realm of data privacy.
To ensure that data protection strategies are consistently and properly enforced, these stakeholders must work together as a pack:
Imagine diving into the depths of the ocean and encountering Cyanogaster noctivaga, a creature that captures the imagination with its bioluminescent display. Aside from its transparent skin, it has a dazzling blue belly, hence its name of the ‘blue-bellied night wanderer.’ This deep-sea marvel uses its radiant patterns to communicate and navigate the darkness.
These luminous fish mirror the importance of illuminating data handling, with the concept of transparency in data privacy practices. Transparent data privacy practices guide users through the often murky waters of data usage, empowering them with knowledge and fostering a sense of trust. In the digital world, data privacy laws demand transparency in revealing how personal information is collected, used, and safeguarded.
What types of requests may be asked of you in accordance with privacy rights?
By embracing the vibrant spirit of these fish living deep in the Amazon, companies can ensure that their data privacy practices are open and transparent in accordance with data privacy laws.
These parallels reveal that nature can teach us interesting lessons about data privacy and security. Survival, whether in nature or the digital space, demands an ever-evolving strategic approach. The behaviour of lions exemplifies the importance of vigilant impact and risk assessments; elephants illuminate the discovery and mapping of PII. The sharp insight of hawks emphasises the significance of a proactive privacy overview, and maggots that of careful data cleaning. Wolf packs advocate for ongoing audits and review, and transparent fish encourage data transparency. The journey towards effective data security and privacy calls for unwavering vigilance, adaptation, and collaboration – lessons we can glean from guardians of the wild.