Having little or no visibility into data, referred to as ‘data blindness’, has become commonplace amongst organisations. As the term suggests, it can completely impair the scalability and efficiency of a business. Many organisations don’t know what data they’ve got, which customer it relates to (if at all) and where it lives.
In fact, according to a report by the Institute of Directors (IoD) and Barclays, more than 40% of organisations have no idea where their data is stored. With recent regulations such as the EU GDPR and California Consumer Privacy Act coming into play in 2018, more attention than ever is being paid to the way organisations all around the world use and abuse data. Data blindness, therefore, must become a thing of the past.
Costly consequences of data blindness
The impact of this lack of visibility into data can be crippling for an organisation. This is especially with regards to a data breach. Without awareness into data around every facet of your organisation, it becomes impossible to accurately model the risk of a data breach to your business. How can you protect the most important data if you don’t even know where it is? Due to the ever increasing frequency of data theft, organisations are making the assumption that it is not a matter of if your organisation faces a data breach, but when. That makes it even more critical to map out your data across your infrastructure and in the cloud to identify what is where.
Tools that have simply been built for compliance purposes won’t cut the mustard. Compliance is constantly evolving, so you need a flexible tool that easily analyzes and categorises data to give you overall visibility. Establishing exactly what data is vulnerable and what data is stored according to policy, allows you to reduce the risk. That risk could be from a temporary data set copied and forgotten, an unintentional misconfiguration, an application writing to an unsecured NAS share, or log files that contain copious PII. Until you look, you cannot know. This enables you to go above and beyond compliance to reduce data vulnerability. Ultimately, you can be deemed compliant but still be at risk of a data breach. As well-meaning as regulatory compliance is, it doesn’t protect you from a determined adversary. Eliminating exposed data increases the required effort for an attacker, and the longer they dwell trying to get what they want, the better the chances are you will catch them before they do.
One of the most damaging financial implications of data blindness comes when you are audited, but it is not just heavy fines. Back in 2012, Josh Corman and David Etue likened auditors to ‘the zombie apocalypse’. They suggest the auditor is a mindless and unstoppable thing that wants their compliance report no matter the cost (to you and your team). IT professionals who don’t have an easily searchable data management system or a reporting tool that can be used for more than one regulation may see some truth in this. Preparing for audits is extremely time-consuming and a resource-heavy activity. If you have a small infosecurity team (sometimes made up of just one person), you can spend hours searching for data. It may be that the infrastructure and operations team are also brought in to help, or saddled completely with running spreadsheet-based manual crawls of server after server. That distraction from more differentiating activities is a very real cost in terms of full-time employee resources that you will never ever get back.
The three considerations of data: standardise data, data strategy and data culture
There’s data cataloging, data bench lining, and a single view of data. Getting data right requires multiple considerations. Information Age spoke to Greg Hanson from Informatica and he outlined three considerations: to standardise data, data strategy and data culture
Discover your data
Adopting an effective multi-cloud data management solution that not only protects but automates data governance activities, can enable your organisation to fully combat data blindness and the damaging consequences that ensue. A multi-cloud data management solution provides visibility across your whole business, leading to increased efficiency and productivity as well as enabling your organisation to save ample money and resources. When it comes to auditing, a multi-cloud data management solution that unifies data silos across data center and cloud environments will allow you to find your data easily and classify it.
Suddenly you will be able to search for any file and discover your data instantly, no matter where that data resides. By using a multi-cloud data management solution to deliver data protection and data governance, organisations can reduce the unnecessary cycles on their production environment to uncover sensitive data exposure. Sensitive data can be discovered, classified, and reported on based on the analysis of backup data. Tool sprawl and additional management overhead can also be eliminated by using a solution that addresses both data recovery and data governance.
Why companies must become custodians of customer and internal data
This will mean that you are able to act proactively and eliminate any vulnerable data well before a data breach actually hits. Removing this vulnerable data will mean that you will be well ahead of the game and be able to protect your organisation from the irreparable financial and reputational damage that been the downfall of so many organisations.
There’s no doubt that some things just aren’t in your control. You can’t change the fact that data breaches have either already affected or will affect almost every single organisation. And you can’t escape from the inevitability of auditing and compliance reports. However, what you can do is to mitigate the risk of vulnerable data, the distraction, and the time and resource impact by making data blindness a thing of the past.
Robert Rhame, is Rubrik’s Director of EMEA Product Marketing