In conversation with Terry Clarke about BLUEPRINT 4D 22
We chat to Terry Clarke, CEO about the 2022 Quest BLUEPRINT 4D ConferenceRead more >
Data Retention & Security
Data Retention and Security is a hot topic and a vast subject.
In this Blog post we look at Data Retention and Security from the perspective of organizations running JD Edwards. We cover the key considerations as we see them and provide links to industry articles and information for a broader view of the subject.Read more >
Data Retention & Security
Is your organization sitting on a ticking time bomb?
Data retention and security is a hot topic and a vast subject. The impact of a security breach or a cyber-attack can be far-reaching. Fines and/or compensation claims are affected by the amount of data, and the number of data items stolen. Repercussions for a business can be devastating. There is also the untold damage to a company’s brand.
In this Blog post we look at data retention and security from the perspective of organizations running JD Edwards. We cover some key considerations, but also provide links to industry articles and information for a broader view of the subject.
Has your JD Edwards ERP system experienced exponential data growth over many years?
Factors that can lead to an accumulation of large volumes of data
- Natural business growth
- Implementation of new features and modules within JD Edwards
- Acquisition of new companies
- Rolling out the JD Edwards implementation over time
- Introduction of new technologies
As the quantity of data continues to grow, the risk of data or security breaches is ever more present.
What risks are buried in this huge amount of JD Edwards data?
Holding onto vast quantities of data in your Production environment could dramatically increase the consequences of a security or data breach.
How to minimize your risk
If data is not useful to you operationally, or required to be held legally, then you should consider completely removing that data. In so doing, the company’s data footprint is reduced as are the consequences of a security breach and possible resulting legal liabilities.
Legal Compliance and Liability
With data comes a legal responsibility to manage and protect it.
The more data you have the greater the time and cost to ensure it is correct and protected and the greater the exposure to legal liability and potential litigation (with its associated costs).
How do you know which data to hold onto?
Legal retention periods tend to be industry and country specific.
Legal acts and in some cases supplier and or customer contracts determine how long data must be kept. Retention of too much or too little data can result in serious implications for an organization.
Local and national governments (and other organizations) can have specific clauses in their contractual agreements, detailing what documents and data should be stored, and how long for. This gives a clear instruction that if you are dealing with these organizations, a definite amount of data should be available, if requested. That data does not have to be in a live environment, or even an on-line environment, but it should be reasonably accessible.
The process of establishing a Data Retention Policy for your organization will involve addressing compliance with statutory obligations not only for the retention but also for the disposal of data.
Optimizing Disaster Recovery
Another factor to consider is that having a smaller JD Edwards database could get you back up and running quicker; a smaller enterprise database will be restored faster.
Running a lean JD Edwards system will help your business be more agile. An agile business is better able to respond and recover from external attacks.
What is a Data Retention Policy (DRP)?
A structured and effective Data Retention Policy will define what legally needs to be kept by an organization. It will clarify the who, what, where, when, why and how of archiving and purging. The DRP should also provide a structured management framework for Information Life-Cycle Management (ILM).
Four main purposes of a Data Retention Policy
- Assure maintenance of the records and information that an organization must keep to meet operational or regulatory requirements
- Ensure timely and efficient disposal of records and information that are not needed or should not be maintained
- Minimize the amount of data to be maintained by the IT department
- Optimize the processing speed of the source system for the business users
Three core elements covered by a Data Retention Policy document
- A formal written policy statement
- A records / information retention schedule
- Procedures for executing and enforcing the policy and schedule
Why invest time in developing a Data Retention Policy for your organization?
This may not be considered the highest priority project in your organization or the most dynamic task. However, when you stop to consider the potential risk and damage to your organization and its brand of a data breach, it soon becomes clear why you should develop an effective policy for the retention and disposal of your JD Edwards data.
Four customers have shared their experiences of managing large volumes of JD Edwards data and talk about developing Data Retention Policies for their organizations.
What’s the cost of a data breach?
Your fine, or compensation claim will be affected by the amount of data, and the number of data items stolen.
“A recent IBM and Ponemon Institute study looked at nearly 525 organizations in 17 countries and regions that sustained a breach last year, and found that the average cost of a data breach in 2020 stood at $3.86 million…”
“The report also found that the United States continued to experience the highest data breach costs, averaging $8.64 million per event.”
Data retention and security is about managing risks. Minimizing aspects of risk can allow you to get on with the important matter of running your day-to-day business. Two major risks that your organization can minimize by archiving your JD Edwards system are:
- Legal liabilities of data that you no longer need or must keep
- The time to get your business up and running again, in a Disaster recovery scenario.
3 common myths around ERP data security
- Data Security is an IT problem!
Data Retention and Security is the responsibility of the whole business.
- We don’t need a Data Retention Policy!
A meaningful Data Retention Policy is a crucial step in proactively managing the data growth in a JD Edwards ERP system.
- JD Edwards archiving will be a complicated, drawn-out experience!
Not at all.
It’s about finding the solution that best suits your business needs. *⇓
* If you’re looking at better managing and archiving your JD Edwards data, the Data Archiving Options Whitepaper can help you. The whitepaper discusses what is available to organizations running JD Edwards and the pros and cons of each.