In the almost 14 years our team at Infolock has been working with corporations, government agencies, banks, healthcare systems, insurance companies, retailers, manufacturers, and non-profit organizations, we’ve seen an incredibly common theme: we’re all drowning in data. As in “it’s-over-our-heads-and-we’re-just-trying-to-stay-afloat” kind of drowning.
From internal work product documents, to customer profiles, medical treatment records, financial transactions, marketing analytics, annual reports, IoT logs, and everything in between — we’re all keeping everything, forever, everywhere, with basically open access, sharing, and collaboration. Cloud storage and mobile devices? They’ve just accelerated an already out-of-control situation.
Like a turtle who can’t leave behind his shell, we’re all dragging our legacy data around with us, even when it’s so old, out of date, inactive, irrelevant, or sensitive that we should be doing our best to limit it. Delete it. Archive it. Lock it down.
The reactions to this data overwhelm run the gamut from bored indifference to pure panic. There are almost always voices calling for data discovery, analysis, classification, cleanup, and protection. But there are many more voices insisting that all the data is necessary, it’s all “active”, it’s all operational. How many of us have heard (or said) these things:
- “We can’t possibly delete any of our data — what if somebody needs it someday?”
- “We can’t move our data — what if people can’t find it?”
- “We can’t limit access to our data — it might take longer for people to do their jobs!”
What’s the result of this reluctance to tackle actively managing our data?
- Inefficiencies: in storage duplication, migration overhead, access and exception management, and performance impacts.
- Costs: in on-prem and Cloud storage repositories, staff to manage and administer storage platforms, and time/effort to perform litigation searches and holds.
- Risks: of external exposure, internal leakage and loss, compliance and regulatory violations, civil lawsuits and litigation.
There has to be a better way, right? Yes. We feel passionately that it all begins with a simple plan based on a simple assessment. A plan that leads to a consensus understanding that everyone can support: executive leaders, business unit managers, security personnel, as well as legal, HR, and compliance professionals.
Huge, intractable problems break down into smaller, digestible pieces. Instead of trying to solve the whole “data problem” at once, across the entire organization, start with one particular area. One department. One team. Get an understanding of how that part of your organization collects, analyzes, uses, retains, stores, deletes, and manages its own data.
Start small, and let the data itself drive your decision-making: use our framework for managing data risks. Like other organizations that have committed to getting their heads above water, you may find it’s a crucial lifeline. It’s free to download and use — because we think it’s time for all of us to stand on solid ground.