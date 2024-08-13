In late June the National Health Laboratory Services, SA’s public sector diagnostic pathology service, suffered a severe data breach due to a ransomware attack that reportedly led to 1.2-terabytes of data being compromised, including third-party, client and patient information. The consequences of this breach included significant delays in processing blood tests across public health facilities, while systems and databases were blocked.
The nature of this breach is not novel to SA, with many public and private institutions increasingly having to fend off cyberattacks. Industry leaders such as BSG chair Mteto Nyati have been warning about the coming onslaught of attacks since the outbreak of Covid-19, stating that the country is “scarily” at risk.
These kinds of data breaches are the result of poor security infrastructure and a lack of organisational cybersecurity awareness training, which has caused growing anxiety among consumers, who are expected to share their personal data to receive services and goods, and among executives, who are responsible for protecting this data.
This creates a dilemma for companies whose bottom lines are inherently linked to maintaining databases of customer information for marketing and other purposes. In fact, it is an existential threat to many organisations.
Industries most affected by these shifts in security consciousness include health and retail services, both of which collect and process customer data in large volumes. Consumers expect this information to be treated with the utmost sensitivity.
A new class of software systems, customer data platforms (CDPs), has emerged to address these concerns, leveraging the power and flexibility of the cloud to cater to the large-scale storage, analytical processing and security considerations demanded by customer data.
Centralised governance
A CDP is a customer data management software solution consisting of a centralised database that can integrate, manage and expose consumer data to other systems to personalise the customer experience. A CDP stores all the data related to customers in one place. It can be collected from customer relationship management software systems, consent forms, social media, email or internet browser cookies, among other things.
But why would anyone want to put all their sensitive data in a single location? Simply to ensure centralised governance and security. When data is distributed across many databases and software systems, managing organisational data access policies becomes increasingly complicated. When convenience and best practices don’t align, corners are cut.
CDPs are more secure and convenient than traditional customer data management solutions. They provide a single point of defence for customer data, allowing organisations to adopt zero-trust security policies. Zero-trust security means no-one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access. This adds a layer of security that has been shown to prevent data breaches in the past.
CDPs also enable unified data analytics. Placing all customer data in a single location, such as a data lake or data warehouse, enables cross-system queries — removing organisational data silos and allowing for the discovery of hidden relationships and deep context. The goal of a data platform is not to hide sensitive data, but rather to safely expose nonsensitive data to the correct individuals or systems — democratising organisational data in ways that were impossible in the past.
Zero trust
In SA CDPs can be leveraged to offer companies a tighter grip on their data landscape by removing layers of red tape hindering progress and other efficiencies. There is no reason anyone in an organisation shouldn’t be able to access data on how many red shirts were sold over the past two summer seasons (without also getting access to private cellphone numbers and the marital status of each consumer). A self-service analytics platform that empowers any decisionmaker with access to these and other pressing questions related to nonsensitive data can facilitate an organisation-wide unlock.
Due to the integrated nature of CDPs, compliance with personal data legislation is more streamlined and less at risk of noncompliance or mismanagement. CDPs wrap sensitive data in a layer of zero-trust security, while simultaneously exposing nonsensitive data to relevant business stakeholders. Data is also encrypted when in transit and when stored.
CDPs are capable of masking sensitive data such as credit card numbers, so that data can safely be consumed and leveraged without risking any personally identifiable information leaks.
Since CDPs are typically cloud native software systems, data can be contained in specific geographic regions. Data residency capabilities ensure customer data is stored and processed in specific geographic locations, complying with local data regulations.
Without CDPs many organisations have no single source of truth for customer information, putting them at risk of being noncompliant. A major win in privacy over recent years has been the rise of CDPs with features to manage cookie consent. Before general data protection regulations laws kicked in, many retailers had no way of knowing who their customers were, let alone requesting individual consent. It seems almost counterintuitive that one of the greatest marketing tools of the last century has become a champion for consumer privacy protection — but that is exactly the case.
As we progress from the information age to the intelligence age, customer data management will become increasingly complex and will require systems to match the pace of this change.
Cyber threats are certainly evolving and will continue to demand that businesses evolve and upgrade their own systems. Embracing CDP systems can be an excellent public relations opportunity to demonstrate to customers that data usage and protection are vital to the stability of their operation and that great care and investment are being put in place to ensure customers do not fall victim to the next ransomware attack.
• Steenkamp is cofounder of data management consultancy Tregter.
FERDINAND STEENKAMP: How to stay on top in the ransomware rodeo
Customer data platforms offer an effective strategy against cyber cowboys
