Creating a data-driven advantage in Australia

How can Australian partners take advantage of a changing data protection landscape?

The average amount of data managed within an organisation has increased from 1.45 petabytes (PB) in 2016 to 9.70PB in 2018, placing new pressures on Australian businesses.

Such an explosion of data is creating the need for customers to house a deep understanding of its value, illustrated through recent Global Data Protection Index findings.

The research - commissioned by Dell EMC - highlights that 92 per cent of businesses now realise the potential value of data, with 36 per cent already executing monetisation strategies.

Yet despite this, nearly half (45 per cent) are struggling to find suitable data protection solutions, especially in the case of newer technologies such as artificial intelligence (AI) and machine learning.

Consequently, a gap is emerging in Australia between maximisation and protection, with businesses building out data-driven strategies on wafer-thin security foundations.

According to Andy Jones - sales manager of Aliva - organisations are feeling “unprecedented pressure” to take responsibility in data management.

“We’ve got a lot of customers in education and finance,” he explained. “The conversations we have with them have turned sharply to governance.

“They are now thinking about what’s being stored, and there is a feeling across the community that these organisations should be focusing more on data protection, because if their data is leaked the impact on the community is huge.”

Businesses today aren’t always comfortable executing on data management requirements however, with complexity and confusion existing around the storage of data.

“Only a very brave CIO is willing to remove data,” observed Kon Kakanis, director of Sundata. “They don’t want to be the person that admits to signing off to get rid of something valuable. CIOs need to know more about the data they hold, but unfortunately with no classification moving forward no one knows what there is.

“Helping organisations categorise their data provides them with a strategic advantage. People are running data lake projects for current data, but that’s still looking forwards, not backwards. You can gain a lot of insights from the historical data, as well. So, the question is how do you draw that value out?”

This is even more evident with smaller organisations which, in some cases, lack knowledge on data regulations and the associated risk profiles.

“In the sub-50 seat space, there’s still a significant education journey that needs to happen in terms of corporate compliance, risk, breach reporting, continuity and how they handle back-ups,” added Jonathan Allan, IT sales manager of Secure Access. “They need to learn how to handle data in general. These businesses don’t necessarily have boards, so the conversation to the senior leadership team needs to be slightly different.”

In assessing changing customer dynamics, Pia Broadley - director of vendor alliances across Australia and New Zealand at Tech Data - acknowledged the local market is struggling to balance maximising data amid heightened demands to enhance protection levels.

“The big change I’ve seen in recent times is not just about how to protect the data but how to use it,” she explained. “We find that channel partners are constantly asking about how they can build solutions to use data not just store and protect it.

“They want to know how the data becomes available in such a way the solution has a commercial benefit to them, and then how they can do that in a way that’s simple, so they don’t need to have a team to train for a month to fully take advantage of it.

“That’s happening because the partner’s customers are managing data. There is an appetite out there for customers to find data management companies and engage them, because they want to understand data better.”

Meanwhile, Geoff Hughes - managing director of Venn IT - outlined a process channel partners can use to ensure organisations are understanding of the modern data environment.

“Starting with data protection is a cleanliness exercise for an organisation – to be able to ensure it knows it is achieving its recovery points,” Hughes said. “The next step is trying to drive more value out of back-up data.

“Customer data used to sit in one data centre, now it sits everywhere. It’s sitting in an Office 365 environment, an Amazon Web Services environment, a Microsoft Azure environment, multiple data centres or through platform or software-as-a-service.

“Now, thanks to data back-ups, we can get all that data into one place. Once we’ve re-centralised all of the data, the next question to the organisation should be how do we gain some insights and value out of it? How do we transform the back-up data into a launchpad towards data lakes?”

Weighing up data

Despite the ideal of leveraging back-up data strategically, such an approach - on most occasions - could not be further from the mind of Australian customers.

Of course, data management, warehousing, back-ups and data loss prevention (DLP) are all important to a modern business, but it’s not necessarily a common customer skillset.

“Organisations that practice restoring back-ups and patching are few and far between,” acknowledged Norm Jeffries, managing director of Computer Merchants. “Our job is to encourage them to do it. We’ve all seen the war stories first-hand. It happens to organisations that it shouldn’t, it happens to the biggest in the market. Then you start to wonder how it happens.

“It’s because they don’t practice the basic things. It’s one thing to deploy a back-up solution, but it’s another thing to put aside the time to carry out a full restore test. We all need to encourage our customers to practice good habits.”

The increasing importance of data has also created a need for businesses to understand where information is residing, amid plans to integrate such information into a wider security strategy.

“Data sovereignty has become a common issue in the way that it sits and is protected,” said Ian Richards, managing director of IntegrationWorks. “As a partner, we do need to know if the data can go outside of Australia, and, if it can, what are the different data protection rights that come into play.”

But given the market landscape in Australia, can the channel rely on the potential impact of regulation to motivate?

Read more on the next page...

Page Break

Today, the potential penalties and risk profile of allowing data to leak, or be lost, may not be severe enough in Australia, according to Jerry Vochteloo, cloud data protection lead across Asia Pacific and Japan at Dell EMC.

Yet as explained by Vochteloo, if overseas trends are a guide, it won’t be long before Australia joins other regions in instituting strict penalties around data misuse.

“In Australia the regulations and requisite fines are often pretty light,” he said. “There have been very few prosecutions and businesses ended for being in breach.

“But look at what General Data Protection Regulation [GDPR] did. Why did people suddenly sit up and take notice? Because the maximum fine is four per cent of a company’s worldwide revenue. All of a sudden there was a fine that could hurt an organisation.

“There is a trend to start increasing the fines. For instance, Singapore now also has million-dollar fines, and that helps.”

The problem IT departments face isn’t just centred around the scramble to be compliant, however. It is the sudden interest in compliance from corners of the organisation that hadn’t previously looked at it.

“Compliance issues hit at a high level and then cascades down to IT, which responds ‘well, that’s great, I’ll add it to my other impossible job list’,” added Kakanis of Sundata. “It can then feel like they’ve got a victim within the organisation.”

Computer Merchant’s Jeffries said he had seen this trend in action. “We had one organisation which about $2.5 million to $3 million to do a project to remove Windows XP from all their devices and move to something that was supported,” he explained.

“The organisation had been putting it off, but then the regulators got involved, saying the director was now accountable for the data, so when the organisation identified it had exposure through windows the mandate came down pretty quickly from the top.

“Directors are in fear and when it’s board-driven, it’s often to avoid the risk of fines or jail time. Nobody wants to be in the news for something like that.”

Culture of data

Andrew Bird - regional manager of Queensland at BlueAPACHE - observed that in many cases, the responsibility of data within an organisation lies with the IT department, despite a clear lack of understanding of the implications of such a move.

“Take insurance, for example,” Bird said. “Boards or managing directors will pass a spreadsheet to IT, whether it be internal IT or outsourced IT, and then expect IT to be able to complete it.

“Two-thirds of the content in those spreadsheets is about business policies, which means it is not just about the province of IT. The immediate reaction is ‘this is cyber so therefore it’s about IT’, but it’s not – it’s about so much more. It’s about the users.”

Many organisations are also looking to offload responsibility of data and security to partners. Jeffries said that scrutiny is increasingly being placed over the channel as a result.

“It’s important that, as a channel partner, you’re able to point to your own organisation as proof of what you can do,” he said. “Are you up to date with patches? Have you removed administration rights from ex-staff? Security is a big job to do but it is simple. It’s about making sure we follow those fundamental things.”

Delving deeper, Kakasis of Sundata stressed that despite more frequent discussions about back-up, internal culture is struggling to keep pace with data changes.

“But patching has done a complete 180-degree turn,” Kakasis said. “Three or four years ago people patched if it was absolutely necessary. Now service-level agreements [SLAs] include the frequency of patching.

“It has become part of the environment that people patch on a regular basis and across systems and they are getting better at it.”

Much of what is driving these trends is a changing IT skillset and focus within organisations, according to Vochteloo of Dell EMC. Internal IT teams are increasingly focused on managing cloud and DevOps environments, meaning partners are being relied on more heavily for “old school” IT support.

“The people who understand the value of back-ups are disappearing,” Vochteloo said. “I’m increasingly finding I’m going back to the most basic conversations with IT teams around what back-up is and why they should do it.

“For example, there was one large chemical company that we recently engaged with where the cloud team is also the IT team. We almost needed to run a back-up 101 course, explaining what a full back-up was and why organisations should have certain retentions.”

According to Satish Naidu - CEO of 1ICT - a key trend affecting the entire data industry is the changing view on data. Partners need to not only continue to provide existing data protection services but evolve alongside customer expectations.

“What we see is a big move to application development, so most of the data we now protect is in the cloud on AWS and Azure, and so on,” he said. “Traditionally, we needed an on-premise approach to data protection, but customers now use databases as-a-service and an integral part of the software development platform.”

The ongoing confusion and organisational challenges around data back-up and regulation is good news for the channel.

These businesses need an advanced strategic partner to assist in navigating increasingly high-stakes waters, and with the shift towards the cloud in many internal IT teams, the need for structured technical support is also all the greater.

(This article first appeared in ARN Magazine; this ARN Roundtable was held in association with Dell EMC and Tech Data.)