Data fuels today’s digital economy. Organizations around the globe are collecting, storing, analyzing, sharing and monetizing massive data stores in search of market insights, operational efficiencies and customer experience enhancements. Protecting all that data has become an extreme challenge, however.
Unrestrained data growth has been an issue for decades, but it has become particularly acute in recent years. The shift to remote and hybrid work and the increased reliance on multiple cloud platforms and services has dramatically accelerated data sprawl. As a result, few organizations know where all of their sensitive data resides. That lack of visibility seriously compromises their ability to secure and protect their data.
Recent research finds that the average organization has data stored in more than a dozen different repositories — not including the ones they don’t know about. Most organizations have significant amounts of sensitive data residing in unsanctioned cloud storage as well other “informal” repositories such as email, collaboration portals, messaging services and personal devices.
Getting a Unified View
AI ups the ante. AI-powered systems have the potential to transform business operations, but they need ready access to high-quality, consistent data. If data is scattered across multiple repositories, AI-powered tools won’t have all the information needed to make accurate predictions.
To lay a strong foundation for AI adoption, small to midsize enterprises (SMEs) should consolidate data from multiple systems, eliminate redundancies and fill any gaps. Because this is an ongoing process, SMEs should prioritize data governance to ensure the continued integrity and reliability of AI output.
A data governance framework is also essential to gaining visibility into the data storage environment, limiting sprawl and ensuring compliance with various government and industry regulations that stipulate how data should be collected, shared and used. A well-designed governance program helps organizations identify what data they have, where it resides, its operational value and who can access it.
Identify and Classify
A data discovery process is the first step. AI-powered data discovery tools can identify data assets wherever they reside. Once you’ve created a comprehensive inventory of your data, these tools can identify attributes that can be used to classify data based on use case and value to the organization.
Armed with that information, you can establish baseline security practices that match data value. Generally speaking, data can be classified according to three value levels:
- Public data. This includes anything intended for public use that would result in little to no risk if it were disclosed. This might include press releases, blog posts or research publications.
- Private data. This includes personal information (PI) that can’t necessarily be linked to a specific person but could result in a moderate level of risk to the organization. It could include search histories or past addresses.
- Restricted data. This includes more sensitive personally identifiable information (PII) that could be used to distinguish an individual’s identity. It would also include intellectual property, trade secrets, financial statements and more.
Controlling Access
The governance program should describe specific security measures based on data classification. These measures would establish controls on who can access data and what they can do with it. That typically will require identity and access management tools to ensure users can only access the data they need for their jobs. More sensitive data will require stronger measures such as multifactor authentication, risk-based/adaptive security and granular password management to help provide control user activity.
A governance program should also include procedures for storing, archiving and backing up data. A variety of emerging tools are simplifying these processes through automation. For example, automated archival tools streamline the process of moving data off primary storage tiers, and e-discovery tools deliver powerful search and tagging functionality that improve the ability to review and classify data.
Poor visibility into sprawling storage environments has contributed to increased risk of data breaches and leaks. The security experts at Verteks can provide guidance on establishing a data governance program that will reduce your risk.
