Data Privacy, Data Security & Workday: What You Need to Know

Discover why organisational data privacy is the responsibility of every business, no matter how robust the data security of their systems might be
Date posted
17 October 2022
Reading time
10 minutes

The way we do business will never be the same

Over the past decade, and perhaps even more so within the last three years spanning the global pandemic, the business technology landscape has changed irreversibly for the better.

Whether it has been a case of technology influencing how we work, or our changing working lives influencing the evolution of technology, we now conduct business in an era of almost limitless, instant access to the information and tools we need to do just about anything we want.

image

So, it’s unsurprising that cloud technology has emerged victorious in facilitating this monumental shift, with Workday the platform leading the charge for over 4000 global businesses. After all, it’s everywhere, always on, always up to date, and allows us to accomplish almost anything, from anywhere.

Data, data everywhere, but do we need to ‘stop and think’?

Despite all these advantages, when we create, store, and access more data than ever before in cloud environments like Workday, we need to remember our responsibilities to introduce appropriate controls.

If administrators, users, testers, trainers, or implementers can enjoy near-limitless, deep access to these systems and the sensitive data they might contain, at what point does access to that data – both personal and financial – begin to pose a risk to businesses? This risk is especially common in non-production environments such as Sandbox and Sandbox preview, where a feature like ‘Proxy’ allows users to access systems and data to transact as someone with greater privileges, for demonstration or testing purposes.

When we stop to consider the risks of allowing elevated access to sensitive data, especially in non-production environments, we can begin to understand the consequences of having inadequate controls on data privacy, whether operational, legal, or reputational, and identify solutions.

Data Privacy in Workday: The responsibility is ours

As secure a system like Workday is out-of-the-box, it’s the responsibility of organisations to ensure sensitive data is safe simply because of how and why it’s used. That’s the data privacy bottom line—that we conduct business in the real world that’s guided by real data protection laws and regulations.

Ensuring that systems adhere to and can be audited for compliance to regulations like GDPR or SOX, allows a workforce to be confident that their data is in safe hands, that the market can trust the ethics and integrity of businesses, and that data breaches that bring huge legal and financial ramifications can be avoided.

What can I do about it?

As mentioned, Workday provides a fantastic data security framework out-of-the-box that’s not only industry-leading, but continuously audited, improved, and updated.

image

At the very least, paying attention to bi-annual updates and testing frequently can allow businesses to adapt their business processes to ensure their Workday instance remains as secure as it ever was.

However, when it comes to data privacy, it’s down to individual organisations to interpret risk and introduce policies and processes for how data is created, handled, stored, accessed, and shared.

These will differ of course for every business across the industry or geography they operate in, and depend on regional, national, and international legislative requirements.

Non-production Workday environments, as an example, can contain huge volumes of real PII and financial data that can be nearly as up to date as a production tenant’s information. So, if access to non-production tenants gives users the ability to retrieve and interact with this data, controls or measures that limit access to only the required information for the required time, becomes a necessity.

Understanding your data to understand your options

With so much data residing in your system, it can be difficult to know how to prioritise identifying data types, where they are stored, why they might need to be accessed, and by whom. This is crucial to better define a reasonable set of data privacy procedures and begin thinking about solutions to implement them.

Those solutions can range from the advanced, complex, and costly – internal teams or external consultants rejigging security configurations as your needs change over time, for example – to more simple and cost effective, such as data scrambling or data masking. The latter two, of course, are very different and have their own nuances depending on an organisation’s needs.

Read part two of this article which explores data scrambling and data masking in more detail.

Discover Smart Shield–our intelligent data masking solution that offers comprehensive, effortless data privacy controls for Workday