Data Retention & Security

JD Edwards Data Security

Is your organization sitting on a ticking time bomb?

Data retention and security is a hot topic and a vast subject.  The impact of a security breach or a cyber-attack can be far-reaching.  Fines and/or compensation claims are affected by the amount of data, and the number of data items stolen.  Repercussions for a business can be devastating.  There is also the untold damage to a company’s brand.

In this Blog post we look at data retention and security from the perspective of organizations running JD Edwards.  We cover some key considerations, but also provide links to industry articles and information for a broader view of the subject.

Has your JD Edwards ERP system experienced exponential data growth over many years?

Factors that can lead to an accumulation of large volumes of data

• Natural business growth
• Implementation of new features and modules within JD Edwards
• Acquisition of new companies
• Rolling out the JD Edwards implementation over time
• Introduction of new technologies

As the quantity of data continues to grow, the risk of data or security breaches is ever more present.

What risks are buried in this huge amount of JD Edwards data?

Holding onto vast quantities of data in your Production environment could dramatically increase the consequences of a security or data breach.

How to minimize your risk

If data is not useful to you operationally, or required to be held legally, then you should consider completely removing that data.  In so doing, the company’s data footprint is reduced as are the consequences of a security breach and possible resulting legal liabilities.

Legal Compliance and Liability

With data comes a legal responsibility to manage and protect it.

The more data you have the greater the time and cost to ensure it is correct and protected and the greater the exposure to legal liability and potential litigation (with its associated costs).

How do you know which data to hold onto?

Legal retention periods tend to be industry and country specific.

Legal acts and in some cases supplier and or customer contracts determine how long data must be kept.  Retention of too much or too little data can result in serious implications for an organization.

Local and national governments (and other organizations) can have specific clauses in their contractual agreements, detailing what documents and data should be stored, and how long for.  This gives a clear instruction that if you are dealing with these organizations, a definite amount of data should be available, if requested.  That data does not have to be in a live environment, or even an on-line environment, but it should be reasonably accessible.

The process of establishing a Data Retention Policy for your organization will involve addressing compliance with statutory obligations not only for the retention but also for the disposal of data.

Optimizing Disaster Recovery

Another factor to consider is that having a smaller JD Edwards database could get you back up and running quicker; a smaller enterprise database will be restored faster.

Running a lean JD Edwards system will help your business be more agile.  An agile business is better able to respond and recover from external attacks.

What is a Data Retention Policy (DRP)?

A structured and effective Data Retention Policy will define what legally needs to be kept by an organization.  It will clarify the who, what, where, when, why and how of archiving and purging.  The DRP should also provide a structured management framework for Information Life-Cycle Management (ILM).

Four main purposes of a Data Retention Policy

1. Assure maintenance of the records and information that an organization must keep to meet operational or regulatory requirements
2. Ensure timely and efficient disposal of records and information that are not needed or should not be maintained
3. Minimize the amount of data to be maintained by the IT department
4. Optimize the processing speed of the source system for the business users

Three core elements covered by a Data Retention Policy document

1. A formal written policy statement
2. A records / information retention schedule
3. Procedures for executing and enforcing the policy and schedule

Why invest time in developing a Data Retention Policy for your organization?

This may not be considered the highest priority project in your organization or the most dynamic task.  However, when you stop to consider the potential risk and damage to your organization and its brand of a data breach, it soon becomes clear why you should develop an effective policy for the retention and disposal of your JD Edwards data.

Case Studies

Four customers have shared their experiences of managing large volumes of JD Edwards data and talk about developing Data Retention Policies for their organizations.

1. J.F. Shea
2. Aggregate Industries
3. Atalian Global Services
4. La-Z-Boy

What’s the cost of a data breach?

Your fine, or compensation claim will be affected by the amount of data, and the number of data items stolen.

Data Breach Costs: Calculating the Losses for Security and IT Pros

“A recent IBM and Ponemon Institute study looked at nearly 525 organizations in 17 countries and regions that sustained a breach last year, and found that the average cost of a data breach in 2020 stood at $3.86 million…”
“The report also found that the United States continued to experience the highest data breach costs, averaging $8.64 million per event.”
https://insights.dice.com/2021/02/11/data-breach-costs-calculating-the-losses-for-security-and-it-pros/

In summary

Data retention and security is about managing risks.  Minimizing aspects of risk can allow you to get on with the important matter of running your day-to-day business. Two major risks that your organization can minimize by archiving your JD Edwards system are:

1. Legal liabilities of data that you no longer need or must keep
2. The time to get your business up and running again, in a Disaster recovery scenario.

Industry articles and information on Data Retention and Security

Head over to the ‘Industry articles’ tab on www.klik-it.com/security for information on Data Retention, Compliance and Security.