Shining a light on dark data: How companies can implement effective data governance

Check out all the on-demand sessions from the Intelligent Security Summit here.


For many businesses, budget season is officially here. And if next year is anything like previous years, companies will earmark as much as 7.5% of their total IT spending for data governance, or managing the availability and security of data in their enterprise systems. For larger organizations, data management can quickly become a $20 million budget line item.

But in a recent study, two-thirds of enterprise IT managers said managing structured data is their top priority, while unstructured data is less of a concern. This means that a surprising number are likely to leave sensitive information unprotected.

Unstructured data, found in various forms in virtually every corner of an organization, is fraught with hidden operational risks for businesses. Losing visibility means leaving the door open to bad actors and leaving a company unprepared for financial audits or other scrutiny.

At a time when cybercrime is at an all-time high, leaving the management of unstructured data on the back burner is no longer a wise option. Businesses need a data management strategy that encompasses all of their information, regardless of format.

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Watch sessions on demand today.

Look here

Fortunately, there are specific steps any business can take to manage the full range of data it generates rather than focusing on just one set.

Understand your data

The first step to managing data is to understand it. It includes everything from survey results and maintenance reports to unused USB keys and handwritten notes.

A large majority of data (80% to 90%) is unstructured information, such as video, audio, social media posts, and scanned documents. Unfortunately, too many computer programs allow this to exist as a blind spot. And without the tools to analyze this massive and growing category of data, companies are leaving huge amounts of valuable data on the table – and leaving potential risks unaddressed.

Effective data governance means understanding where all this data is, how it is stored and who in the organization has access to it. The first step to effective management is to complete a thorough digital overview of all data. This should include automation for scale, efficiency and accuracy, and be viewed through a vertical-specific lens to leave no stone unturned.

De-risk your data

Once your organization has a thorough accounting of data of all kinds, it’s time to start the risk mitigation process.

In my firm’s work with companies in a variety of industry verticals, we’ve discovered that an overview of all data generally produces a breakdown that looks like this:

  • About 12% of business data is business critical.
  • About 23% of the data is redundant, obsolete or unimportant.
  • About 65% of the data in the organization is “dark” – sitting unused and hidden in various networks, personal files, emails and other corners.

The dark areas pose cybersecurity risks to businesses, and these areas account for as much as two-thirds of the data businesses generate. Rather than waiting for a breach to catalyze the removal of this data, companies should proactively invest in people and technology to delete, recategorize secure, or otherwise manage dark data sets.

Dark data: Educate your workers

Employees from the bottom to the top of the organization handle sensitive information, including codes, passwords and financial data. Not surprisingly, human error is among the leading causes of data breaches.

For this reason, training in computer security should become a mainstay of all job training and start on day one. Security policies should become second nature to everyone in the organization, from the administrative assistant to the CEO. Establish formal procedures and update them as necessary.

Use smart policy management

An effective data governance structure is essential, and acquiring data discovery technology is only the beginning of creating it. Your organization also needs experts who can act as data owners and managers.

Because a thorough data inventory can mean accounting for and managing as many as 100,000 unstructured files, the roles of ownership and stewardship cannot simply be relegated to executive job descriptions. Instead, incorporating privacy, protection and security by design requires automation and the full attention of specialists.

Think of breach in terms of when, not if

There are record numbers of bad actors orbiting the digital perimeters of every business, and unstructured data is one of their favorite entry points. For this reason, companies should think in terms of when a data breach will occur, not if.

More than 80% of US-based businesses have been breached or hacked in an attempt to steal or expose data, and the number gets worse when you look around the world.

The number of hackers and attempts is not expected to decrease, so it is up to companies to proactively prevent breaches. Seeing them as a virtual security is a good start; it is not pessimism but realism.

But even if the statistics are grim, your business doesn’t have to be one of them. There are steps any business can take to keep their digital perimeters secure.

Proper enterprise security begins with understanding where the risks lie, and a disproportionate number of them lie in your industry-specific unstructured data. This data may seem challenging to collect and secure, but the right combination of technology, industry insight and human expertise can achieve just that.

Organizations must keep unstructured data in mind when budgeting for data security. And by following these steps, companies can ensure that this type of data no longer serves as a “welcome” sign to those who would do them harm.

Daren Trousdell is chairman and CEO of NowVertical Group.

Data Decision Makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people involved in data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You may even consider contributing an article of your own!

Read more from DataDecisionMakers

Leave a Reply

Your email address will not be published. Required fields are marked *