Business Report Economy

Company data backups can become as much of a risk as they are a hedge against breaches

Richard Ford | Published

Is your company's digital infrastructure a ticking time bomb? Discover the hidden risks of data backups and learn how to safeguard your organisation from data toxicity.


If you walked into a corporate headquarters and saw filing cabinets overflowing into the hallways, blocking fire exits and spilling confidential contracts onto the lobby floor, you would be furious with the office manager.

Yet, this is happening in the digital infrastructure of many South African organisations.

International Digital Cleanup Day on 21 March is often marketed as a day for individuals to delete blurry photos or unsubscribe from newsletters. For business leaders, though, this date should serve as a signal to audit a more dangerous phenomenon: data toxicity.

We have spent the last decade obsessed with "Big Data" and the idea that data is the new oil. The reality for many organisations is that data has come to resemble asbestos. It is piling up in cloud environments, costing a fortune to store, and if disturbed – by a hacker or a legal discovery process – it becomes very hazardous to the organisation.

The ROI of deletion

The first argument for aggressive data minimisation is purely financial. There is a pervasive myth that cloud storage is cheap and infinite. While the cost per gigabyte has dropped, the sheer volume of data generated has, in many cases, outpaced those savings.

Organisations are paying to store, back up, and mirror petabytes of "ROT" data – Redundant, Obsolete, and Trivial information. There are organisations in every industry that are unknowingly paying to back up the entire contents of employees’ "Downloads" folders – including personal tax returns, memes, and installer files from 2018 – likely across multiple different geolocated servers.

That is serious wastage, but it is also a form of financial negligence. In a tight economic climate, a CTO who cannot demonstrate a strategy for shedding digital weight is bleeding budget that should be allocated to innovation or active defence.

The litigation nightmares

The risk calculation changes drastically when you look at it through a legal lens. If your organisation is sued or investigated, you are legally required to produce relevant data during the discovery process.

If you have ten years of unmanaged Teams chats, email archives from employees who left five years ago, and unclassified server dumps, you have to pay lawyers to sift through all of it. The cost of reviewing terabytes of data for a court case can easily exceed the settlement amount of the lawsuit itself.

Furthermore, under the Protection of Personal Information Act (POPIA), holding onto customer data for longer than is necessary for the specific purpose it was collected isn't "hoarding" – it is illegal. A "keep everything just in case" policy is, in effect, a policy that invites non-compliance.

Identity hygiene: The zombie account problem

While deleting files is critical, deleting access is even more urgent. Our assessments frequently find "zombie accounts" – user profiles belonging to employees who resigned months or years ago but still have active access to the network.

This points to Identity and Access Management (IAM) and offboarding processes in urgent need of improvement. When an employee leaves, HR might stop their payroll, but if IT doesn't revoke their SaaS licences and Active Directory access instantly, you have left a door unlocked.

Hackers love zombie accounts. They don't raise alarms because they look like legitimate users. They are the perfect vehicle for lateral movement within a network. Digital minimalism in a corporate context means having an automated, ruthless de-provisioning process. If a human isn't sitting in the seat, the digital identity must cease to exist.
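One way to find zombie accounts is to reconcile the identity directory against the HR roster and flag enabled accounts with no active employee behind them, or no recent sign-in. The script below is an added illustration, not code from the article or from Integrity360; the roster and directory records are constructed sample data and the field names are assumptions.

```python
"""Reconcile an identity-directory export against the HR roster to flag zombie accounts.

Constructed sample data; field names (status, leave_date, last_login) are hypothetical.
"""
from datetime import date

# Constructed HR roster: who is still employed and who has left.
HR_ROSTER = {
    "alice": {"status": "active", "leave_date": None},
    "bob": {"status": "terminated", "leave_date": date(2024, 3, 31)},
    "carol": {"status": "active", "leave_date": None},
}

# Constructed directory export: enabled flag plus last interactive sign-in.
DIRECTORY = [
    {"user": "alice", "enabled": True, "last_login": date(2025, 3, 10)},
    {"user": "bob", "enabled": True, "last_login": date(2024, 4, 2)},
    {"user": "carol", "enabled": True, "last_login": date(2024, 6, 1)},
    {"user": "dave", "enabled": True, "last_login": date(2023, 1, 1)},  # nobody in HR owns this
]


def find_zombie_accounts(directory, roster, today, dormant_days=90):
    """Return (user, reason) pairs for enabled accounts that should be de-provisioned.

    Three signals are checked: no HR record at all, HR says the person has left,
    or the account has not signed in for more than dormant_days.
    """
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue  # already disabled; nothing to do
        user = acct["user"]
        record = roster.get(user)
        if record is None:
            findings.append((user, "no matching HR record"))
        elif record["status"] != "active":
            reason = f"left on {record['leave_date'].isoformat()} but still enabled"
            if acct["last_login"] > record["leave_date"]:
                reason += "; signed in after leave date"  # the signal worth escalating
            findings.append((user, reason))
        elif (today - acct["last_login"]).days > dormant_days:
            findings.append((user, f"dormant for {(today - acct['last_login']).days} days"))
    return findings


if __name__ == "__main__":
    for user, reason in find_zombie_accounts(DIRECTORY, HR_ROSTER, date(2025, 3, 20)):
        print(f"{user}: {reason}")
```

Run it against a real directory export and HR feed and the output is the de-provisioning worklist the article calls for.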

Moving from hoarding to governance

The shift required here is cultural. We need to move from a mindset of "storage management" to "data lifecycle governance".

This involves three strategic steps:

  1. Automated retention policies: Stop asking employees to delete things. They rarely do. Implement policies at the server level that automatically archive or delete emails and files older than a certain date, unless tagged for legal hold.
  2. Data classification: You cannot clean what you cannot see. Use automated tools to scan and tag data as it is created. If a file contains a national ID number, it gets a specific retention rule. If it’s a temporary file, it gets deleted in 30 days.
  3. Defensible deletion: Create a paper trail for deletion. When data is destroyed, it must be done so in a way that can be proven in court. "I think we lost that hard drive" is not a legal defence; "This data was purged on date X in accordance with our retention policy Y" is.
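The three steps above can be wired together as one job: classify each file as it is scanned, pick the retention rule for its class, skip anything on legal hold, and write every decision to an audit log so a purge can later be proven. The script below is an added illustration, not code from the article or from Integrity360; the sample files are constructed, the class names and retention periods are assumptions, and the personal-information check uses the Luhn check digit that South African ID numbers carry so that ordinary 13-digit reference numbers are not misclassified.

```python
"""Classify files, apply retention rules and log defensible deletions (added illustration)."""
import re
from datetime import date, timedelta

THIRTEEN_DIGITS = re.compile(r"\b\d{13}\b")


def luhn_ok(digits: str) -> bool:
    """SA ID numbers carry a Luhn check digit; reject 13-digit strings that fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def classify(name: str, content: str) -> str:
    """Return a hypothetical data class used to select the retention rule."""
    if any(luhn_ok(m) for m in THIRTEEN_DIGITS.findall(content)):
        return "personal_info"  # contains a plausible national ID number
    if name.endswith(".tmp") or name.startswith("~"):
        return "temporary"
    return "general"


# Hypothetical retention periods in days per class (assumed, not from the article).
RETENTION_DAYS = {"personal_info": 5 * 365, "temporary": 30, "general": 7 * 365}


def apply_retention(files, today, audit_log):
    """Purge expired files unless on legal hold; every decision is appended to audit_log."""
    purged = []
    for f in files:
        cls = classify(f["name"], f["content"])
        expiry = f["created"] + timedelta(days=RETENTION_DAYS[cls])
        if f.get("legal_hold"):
            audit_log.append(f"{today} KEEP {f['name']} class={cls} reason=legal_hold")
        elif today >= expiry:
            purged.append(f["name"])  # the "purged on date X under policy Y" record
            audit_log.append(f"{today} PURGE {f['name']} class={cls} created={f['created']} "
                             f"policy={cls}-{RETENTION_DAYS[cls]}d")
        else:
            audit_log.append(f"{today} KEEP {f['name']} class={cls} expires={expiry}")
    return purged


SAMPLE_FILES = [  # constructed sample inventory
    {"name": "~scratch.tmp", "content": "draft", "created": date(2025, 1, 1)},
    {"name": "kyc.txt", "content": "ID 8001015009087", "created": date(2015, 2, 1)},
    {"name": "invoice.txt", "content": "ref 1234567890123", "created": date(2020, 2, 1)},
    {"name": "held.txt", "content": "ID 8001015009087", "created": date(2010, 1, 1), "legal_hold": True},
]
```

The audit log produced here is the "paper trail" the third step asks for; in production it would be written to append-only storage rather than an in-memory list.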

Digital Cleanup Day is a reminder that the most secure data is the data you do not have. You cannot leak what you have already deleted.

Richard Ford, Group CTO, Integrity360.
