Posted with permission from Active Navigation, originally published on June 10.
In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ's Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean-up their data to eliminate security risks. As a former litigator/GC/AGC, Dean has a proven track record of accelerating the rapid development of high growth, venture backed software companies (such as Relativity/kCura, Clearwell/Veritas, Recommind/Opentext). He is a seasoned professional with the ability to build/manage teams, run P&Ls in executive leadership roles including Sales, Strategy, Business Development, Marketing and Professional Services. Dean has a JD from the University of San Diego School of Law and a BS from the University of California, Santa Barbara.
The volume and variety of data created in the past decade doesn’t show signs of slowing down – nor does the pace of hacking attempts. Unstructured data, also known as dark data, is increasing at a rate of 62% per year, according to IDG. By 2022, IDG predicts that 93% of all data will be unstructured.
Unstructured data – information that does not fit easily into structured systems like databases – is inherently more risky data because it’s easily accessible and often ungoverned. Unstructured data also poses a threat to organizations because it can be difficult to know where it resides within an enterprise network, making it a treasure trove for hackers.
Often organizations have little, if any visibility, into their unstructured data estate, meaning they may be hoarding data that has little value or poses a risk. Storing and protecting such data raises compliance with laws such as the California Consumer Privacy Act (CCPA) and New York Cyber Regulations.
When was the last time you looked at your data estate? If the answer is, I don’t know or Never, it might be time for a good Spring Cleaning.
For companies struggling with where to start, there are fortunately some basic foundational paths that are well established. Achieving visibility into your dark data should be your first goal on the way to cleaning up your proverbial “data closet.”
Understanding Your Data Estate
A recent study conducted by Relativity and the Coalition of Technology Resources for Lawyers (CTRL) found that more than 60% of respondents didn’t fully understand their data universe and its potential to contain risky, sensitive or personal data. This means that more than half of a company’s data is likely to be “dark” – rendering it both risky and unavailable for effective use by the larger organization.
Data mapping helps you understand the types of personal data your company manages, how it’s collected, what it’s used for and where it’s stored. Knowing where your data is located across all your content repositories is a constant challenge, but you can’t protect what you don’t know you have. Data mapping is a key component of operationalizing and maintaining a rigorous, fully compliant data governance program, and in turn, can reduce IT and legal costs. Without a data map or inventory as your bedrock, it’s near impossible to build an effective security or risk management strategy.
Classify Unstructured Data
In the era of “Big Data,” many organizations want to hoard information to use for future value extraction. However, this practice is not only a privacy blind spot, but also increases the risk of Personally Identifiable Information (PII) and Highly Confidential Information (HCI) being accessed in a breach. The longer you hold data, the more risk increases while value decreases – a lose/lose situation.
Once you have mapped your enterprise network, you then need to know what kinds of information you hold. According to Gartner, unstructured data can make up as much as 80% of the data footprint of an organization, while 33% of stale data stores have not been touched in three years or more. Many companies are unaware of what sensitive information resides outside of typical security protocols. CISOs need to think beyond the perimeter as threats continue to evolve.
By classifying your unstructured data, you can identify data that holds no business value and will be on the journey to effective risk remediation. Given the sheer volume of unstructured data (often in the petabyte range), this data classification process cannot be achieved manually. File analysis software can be deployed to automate data discovery by using a combination of rulesets and thematics to identify and classify data.
Data Minimization Through Actionable Insights
Once you fully understand your data profile, the “spring cleaning” can really get started. The insights you have gleaned from mapping and classifying your data needs to be actionable in order to discriminate between “trash” and “treasure.” To truly be actionable, it’s critical to convey data in a way that is easy for decision-makers to consume with visualizations, graphs and intuitive dashboards.
With visibility into your data, you can identify and act on risky data, remediate Redundant, Obsolete and Trivial (ROT) data and highlight areas which require additional protection. Minimizing your data reduces the effort (and cost) required to safeguard personal information or respond to data security incidents.
With the onslaught of data breaches, and privacy regulations now imposing fines on a per record breached basis, it’s more important than ever to delete or quarantine data that isn’t providing value to your organization.
Unlocking Dark Data’s Value
“The best time to plant a tree was 20 years ago. The second-best time is now.” The same can be said about content-clean up — the best time to start is now.
Every day, organizations are using structured data to make themselves more competitive. Many don’t realize how much their business could improve by leveraging their unstructured data too. By cleaning up ROT data, companies can reveal trends and patterns and differentiate themselves in the market.
When starting your spring-cleaning project remember:
- It remains important to take a holistic (global, enterprise-wide) view toward your data governance.
- Reach out to all necessary stakeholders. This project requires buy-in from several departments, not just IT.
- Start with data mapping. It will be your guide throughout this project.
- Determine what business outcomes you want to achieve, for example deleting or securing data, and then act accordingly.
- Start now. Don’t wait for an unsavory trigger like a data breach or audit.
Effective data governance and regulatory compliance is virtually impossible without a clear understanding of what data you’re storing and its risk profile. Clean out your data estate before an event, like a data breach, forces your hand.
