We all know that data is the most valuable intangible asset for a digital business. As data continues to grow in volume, variety and velocity, organizations are forced to take a fresh look at their data management and protection practices. In fact, data protection is now front and center in how organizations manage business risks and protect business outcomes, particularly when it comes to unstructured data.

Data Is Changing, and So Should Your Organization

As data becomes more fluid, dynamic and distributed, so do the challenges around protecting it. IDC predicted that the amount of data created will grow exponentially over the next several years and reach 44 zettabytes by 2020.

What does this mean for your organization? According to Forrester, the average organization holds more than 100 TB of unstructured data within its data centers. Another Forrester report noted that sprawling network drives and SharePoint sites are among the top concerns. With this in mind, lack of ownership and governance of unmanaged file share and storage platforms imposes significant hidden risks to an organization’s critical assets.

Unlike traditional data stores such as databases, there is little to no control or predictability of the data in unstructured repositories because access permissions are amorphous and frequently change over time. At the same time, organizations have to deal with evolving compliance mandates, the skills shortage and the proliferation of security tools from an array of vendors.

How to Avoid Unstructured Data Blind Spots

While many organizations have acknowledged and realized the need for data protection strategies and implemented risk mitigation controls such as data loss prevention (DLP) and encryption, very few have taken a systematic approach that encompasses the protection of both structured and unstructured data repositories. Data security tools are often implemented in a siloed and ad hoc fashion, resulting in operational inefficiencies and data security blind spots.

However, this could soon change: According to Gartner, 40 percent of organizations will be consolidating and rationalizing data security solutions into centralized data-centric audit and protection (DCAP) tools by 2020 — significantly higher than the 5 percent that are doing so today. What’s more, the introduction of regulations such as the European Union (EU)’s General Data Protection Regulation (GDPR) and California’s impending Consumer Privacy Act are also forcing organizations to take a holistic look at their data protection programs and expand their scope to unstructured repositories such as files shares.

As these pressures mount, organizations should consider the following five key security and compliance actions to reduce potential blind spots:

  1. Understand your sensitive data footprint through automated file discovery and classification of file content.
  2. Implement intelligent access management by analyzing document metadata to understand the ownership, so the right owners have access to the right data.
  3. Apply out-of-the-box polices to monitor and detect anomalous or malicious file access patterns, then leverage the insights to use remediation controls such as encryption, isolation, archival and/or elimination of redundant and outdated data, and access that may lead to unnecessary business risk.
  4. Minimize compliance costs with automated, auditable reporting, so the right people can get the right reports at the right time, and avoid potential regulatory fines and unnecessary and time-consuming manual work.
  5. Collaborate and partner with a single data protection vendor for centralized visibility and control of all data assets, thereby eliminating the need for diverse vendor technologies, overcoming security blind spots and reducing operational challenges.

Why You Should Invest in Comprehensive Data Protection

The main motivation for an enterprise to invest in a robust cybersecurity program is to build resiliency and ensure continuous availability of its assets. Data protection is the last line of defense and often the most critical one as threat actors continuously develop new tactics to circumvent perimeter controls.

Organizations must ensure that they address data protection requirements in their entirety using discovery, classification and protection controls across all their data assets, irrespective of their type or where they reside. Remember: The highest number of data risks reside in places — such as unstructured data repositories — that are the most intuitive, yet the most ignored.

Explore Guardium Data Protection for Files

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today