Despite the dangers, most companies lack visibility into the totality of their digital footprint.
Companies are awash in data. “Big Data” and its promise of actionable insights and automation has led to companies hoarding information, often without a plan about how to harness it for value creation.
The majority of data being created today is unstructured or “dark” data. Gartner defines dark data as “the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes (for example, analytics, business relationships and direct monetizing). In today’s digital environment, unstructured data comes in many forms, from social media to application logs to audio and video files. Unstructured data is unorganized, raw and often forgotten about when putting technology and processes in place to protect data.
As companies continue to employ security in layers, hackers are evolving their attack vectors to get to the data they want. They’re looking for the easiest way to get to sensitive data – and that new attack vector is unstructured data.
Analysts at Gartner (gated) report that 33% of stale data stores haven’t been touched in three years or more, and estimate that up to 80% of the data footprint of an organization is unstructured, making this type of data an organization’s Achilles heel. As unstructured data continues to grow, hackers will continue to evolve and exploit this weakness.
“There are only two types of companies: those that have been breached and those that don’t know they have.” – Elena Kvochko, CIO, Barclays and Rajiv Pant, CTO, The New York Times
Unbeknownst to most organizations, their petabytes of data stored around the world in various file shares or document management systems are one of the biggest contributors to a breach and what hackers go after first – the path of least resistance.
According to the Ponemon Institute, 66% of small to medium-sized businesses worldwide reported a security breach in the past year. And, by the time a breach is discovered, hackers have typically been inside an organization’s data for 6-9 months looking for confidential information. Unfortunately, this also means the hackers probably know what’s in your data better than you do.
We mentioned earlier that close to 80% of an organization’s data estate is unstructured – well nearly 80% of enterprises also have little to no visibility into their data surface footprint. For businesses today, digital assets are often more valuable than physical assets. In 2016, businesses saw a massive 566% increase in compromised records.
So, how can you protect what you don’t know you have? It’s not a trick question – you can’t. With data privacy regulations such as California’s Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) fining companies on a per-record basis, it’s more important than ever to secure and protect unstructured data from hackers. Dark data presents a real problem including data privacy and compliance, eDiscovery consideration and storage costs – it can’t be ignored any longer.
While unstructured data can feel like the stuff of nightmares, the good news is that there are tools and processes available to effectively manage data growth and security.
Creating a data map is a critical first step. A comprehensive data map helps drive cohesive interplay between tools. An enterprise-wide data security strategy puts the policies into place to take stock of data, standardize reporting, implement security procedures and discover potential use cases for data.
It’s important to strike the right between keeping data for value extraction and deleting data for risk mitigation.
With unstructured data continuing to grow, organizations need to choose tools which will scale to manage the totality of their environment and map new and on-going initiatives to specific processes. Enterprises need an actionable plan to control and control their data. Here are 5 key steps an enterprise can take to help secure unstructured data:
Data breaches are now a “when” versus an “if”. As the number of data breaches not going anywhere (Carnival Cruises, Microsoft, Estee Lauder, etc.) risk-conscious enterprises are looking to tackle the inherent risk which resides in unstructured data. Visibility into your unstructured data estate is the first, very necessary step to mitigating this risk. This is the only way to get a measurement of the depth of your organization’s exposure, the location and magnitude of the data, what needs remediation and what is overdue for erasure.
Securing and protecting unstructured data is not a one and done activity. Unstructured data needs to be continually monitored and managed – otherwise hackers will continue to exploit this vulnerability. Don’t fall victim to your dark data – it CAN hurt you.