We all know that data is the most valuable intangible asset for a digital business. As data continues to grow in volume, variety and velocity, organizations are forced to take a fresh look at their data management and protection practices. In fact, data protection is now front and center in how organizations manage business risks and protect business outcomes, particularly when it comes to unstructured data.

Data Is Changing, and So Should Your Organization

As data becomes more fluid, dynamic and distributed, so do the challenges around protecting it. IDC predicted that the amount of data created will grow exponentially over the next several years and reach 44 zettabytes by 2020.

What does this mean for your organization? According to Forrester, the average organization holds more than 100 TB of unstructured data within its data centers. Another Forrester report noted that sprawling network drives and SharePoint sites are among the top concerns. With this in mind, lack of ownership and governance of unmanaged file share and storage platforms imposes significant hidden risks to an organization’s critical assets.

Unlike traditional data stores such as databases, there is little to no control or predictability of the data in unstructured repositories because access permissions are amorphous and frequently change over time. At the same time, organizations have to deal with evolving compliance mandates, the skills shortage and the proliferation of security tools from an array of vendors.

How to Avoid Unstructured Data Blind Spots

While many organizations have acknowledged and realized the need for data protection strategies and implemented risk mitigation controls such as data loss prevention (DLP) and encryption, very few have taken a systematic approach that encompasses the protection of both structured and unstructured data repositories. Data security tools are often implemented in a siloed and ad hoc fashion, resulting in operational inefficiencies and data security blind spots.

However, this could soon change: According to Gartner, 40 percent of organizations will be consolidating and rationalizing data security solutions into centralized data-centric audit and protection (DCAP) tools by 2020 — significantly higher than the 5 percent that are doing so today. What’s more, the introduction of regulations such as the European Union (EU)’s General Data Protection Regulation (GDPR) and California’s impending Consumer Privacy Act are also forcing organizations to take a holistic look at their data protection programs and expand their scope to unstructured repositories such as files shares.

As these pressures mount, organizations should consider the following five key security and compliance actions to reduce potential blind spots:

  1. Understand your sensitive data footprint through automated file discovery and classification of file content.
  2. Implement intelligent access management by analyzing document metadata to understand the ownership, so the right owners have access to the right data.
  3. Apply out-of-the-box polices to monitor and detect anomalous or malicious file access patterns, then leverage the insights to use remediation controls such as encryption, isolation, archival and/or elimination of redundant and outdated data, and access that may lead to unnecessary business risk.
  4. Minimize compliance costs with automated, auditable reporting, so the right people can get the right reports at the right time, and avoid potential regulatory fines and unnecessary and time-consuming manual work.
  5. Collaborate and partner with a single data protection vendor for centralized visibility and control of all data assets, thereby eliminating the need for diverse vendor technologies, overcoming security blind spots and reducing operational challenges.

Why You Should Invest in Comprehensive Data Protection

The main motivation for an enterprise to invest in a robust cybersecurity program is to build resiliency and ensure continuous availability of its assets. Data protection is the last line of defense and often the most critical one as threat actors continuously develop new tactics to circumvent perimeter controls.

Organizations must ensure that they address data protection requirements in their entirety using discovery, classification and protection controls across all their data assets, irrespective of their type or where they reside. Remember: The highest number of data risks reside in places — such as unstructured data repositories — that are the most intuitive, yet the most ignored.

Explore Guardium Data Protection for Files

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today