Data security and the perils of data migration

29 July 2022
Managing the security risks around data migration.

Controlling risk during times of change

By Ozgur Azizoglu, Data Migration Practice Lead at Inoapps

A recurring concern across the many data migration projects the team here at Inoapps delivers is data security, and how to minimize the threat of data breaches. This blog explores some of the risks and vulnerabilities businesses need to guard against and offers practical steps to help you protect your data during this critical time.

As part of any Enterprise Resource Planning (ERP) or Human Capital Management (HCM) project, the security workstream is crucial for project success. Organizations spend days, weeks and months devising an enterprise security policy to restrict system and data access to only those individuals that are fully authorized. This is because fine-grained control of organizational structures, roles and responsibilities, and strict control of system access can help prevent unauthorized entry and data breaches after go-live.

However, all too often the security implications of data access within the data migration workstream are not as carefully controlled, and this can open up the potential for data breaches and unauthorized access.

During the various iterations of data migration, data extract files may be produced, transformed, mapped and loaded—but who has access to those files during that loading lifecycle? And what happens to those files once the project is done?

Data loading cycles will typically be subject to system integration testing (SIT) and user acceptance tests (UAT) carried out by individuals across the project team. But by its very nature, that testing may involve sensitive data—salary details, performance evaluations, project commercial details. Such data may be visible to the project testing team, but should those individuals have access to that data in the first place? And could unauthorized access lead to a breach, with all of the downstream GDPR and cyber risks that would entail?

During migration, teams may share files via email or in unsecured environments. Data that needs to be masked can be forgotten. Likewise, testers given elevated access to confidential data could be left with those privileges. And when the program is finished, legacy artefacts can remain in place, presenting long-term risks to the data security of the organization.

Data migration will also often involve the mapping and transformation of data during its Extract, Transform and Load journey—another vulnerability to guard against. How can organizations ensure that they do not leave themselves exposed to malicious intent during the transformation phase, when exposed bank accounts, balances or payment details could be altered for fraudulent benefit?

Have you factored data security into your data migration strategy?

The data migration workstream of any ERP or HCM program should begin with the creation of a data migration strategy. The strategy’s main goal is to ensure that the end-to-end data migration program is properly planned, scoped and allocated to the right people. Other key factors include data cleansing, reconciliation and mapping rules. But what about data security? Does your data migration strategy give full consideration to ensuring the security and integrity of your data assets throughout the migration journey?

Data security needs to pervade every aspect of the migration. The proper controls need to be put in place from project initiation, and then maintained throughout the program. Hasty decisions, looming timescales or project stress can sometimes push teams to choose easy solutions without regard to data security implications. 

Simple, practical steps can easily be added to any migration workstream to immediately reduce risk and exposure to data breaches:

  • Put in place a secure and controlled data room for the storage of all migration objects, reducing the risk of unauthorized access
  • Implement a data purging regime after every iteration, ensuring that no legacy data is left at risk
  • Define project team structures and access rights, and ensure all team members are fully aware of their personal responsibilities and liabilities
  • Ensure all tooling and platforms are fully up to date, patched and secured to prevent unauthorized access
  • Consider the data access implications of your testing and training strategies to ensure that unauthorized access is not granted during these cycles
  • Define a data reconciliation strategy to identify and prevent malicious updates
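One way to approach the reconciliation step above, as an added example that is not Inoapps' own code: fingerprint the fields that must survive the load unchanged with a keyed HMAC, so the people comparing source and target never handle raw bank details and nobody without the key can regenerate a matching manifest after tampering. The field names, the sample extracts and the demo key are all constructed for illustration.

```python
import csv
import hashlib
import hmac
import io

KEY_FIELD = "supplier_id"          # assumed record key
PROTECTED = ("iban", "amount")     # assumed fields that must load unchanged

# Constructed sample data: the extract taken from the legacy system...
SOURCE_EXTRACT = """\
supplier_id,name,iban,amount
S001,Acme Ltd,GB00TEST00000000000001,1200.00
S002,Birch Co,GB00TEST00000000000002,310.50
S003,Cedar Inc,GB00TEST00000000000003,78.10
"""
# ...and an extract taken from the target system after the load.
LOADED_EXTRACT = """\
supplier_id,name,iban,amount
S001,ACME LTD,GB00TEST00000000000001,1200.00
S002,Birch Co,GB00TEST00000000000999,310.50
S004,Dune LLC,GB00TEST00000000000004,5000.00
"""
DEMO_KEY = b"constructed-demo-key"  # in practice held by the data owner only

def manifest(csv_text, key):
    """Map each record key to an HMAC-SHA256 over its protected fields."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        record_id = row[KEY_FIELD].strip()
        if record_id in result:
            raise ValueError(f"duplicate key {record_id!r}")
        message = "\x1f".join(row[f].strip() for f in PROTECTED).encode()
        result[record_id] = hmac.new(key, message, hashlib.sha256).hexdigest()
    return result

def reconcile(source, target):
    """Compare two manifests without ever handling the raw field values."""
    shared = source.keys() & target.keys()
    return {
        "missing": sorted(source.keys() - target.keys()),
        "unexpected": sorted(target.keys() - source.keys()),
        "altered": sorted(k for k in shared
                          if not hmac.compare_digest(source[k], target[k])),
    }

if __name__ == "__main__":
    print(reconcile(manifest(SOURCE_EXTRACT, DEMO_KEY),
                    manifest(LOADED_EXTRACT, DEMO_KEY)))
```

The renamed supplier S001 is not reported because only the protected fields are fingerprinted; fields that the mapping rules legitimately transform need their own expected-value check.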

Project teams should not forget that data migration is not a one-time effort. It must be repeated at different project stages, and the decisions taken must be upheld until the very end of the project.

How can Inoapps help?

Data migrations for ERP projects can be complex and risky. Data security is one of the major challenges facing many organizations as they transition resources.

To improve data security during migration, our data migration practice can help you:

  • Understand and meet compliance requirements
  • Limit access to only authorized project members
  • Define and mask the sensitive data
  • Define how data will be shared between teams

And more importantly, we can oversee the implementation of these decisions.

If your organization needs help with its data migration, ask the experts. #AskInoapps.
