Why Securing Unstructured Data Is Becoming a Strategic Priority

by Chris Preimesberger

What does sensitive information looks like? Where is it located? Who can access it? Organizational data stores are live organisms in which information is constantly being added, duplicated, edited and deleted. Awareness of the different types and locations of sensitive data and who has and who should have access is complicated—and critical.

IT departments struggle to manage exponentially increasing amounts of data and must delegate some aspects of its management. Security departments have no clue as to who should have access to folders because there are often millions of them.

The IT department of an average small and midsize business (SMB) carries out hundreds of access requests daily, usually processed via email or by phone. The massive amount of service requests makes the process impossible to oversee.

Organizations must continually review entitlements across applications and platforms to ensure access is actually needed and to remove excess entitlements. Collecting and analyzing millions of entitlements across many platforms and managing the review are an enormous challenge. However, studies have shown a dramatic decrease of nearly 30 percent in the number of entitlements after the first review.

It’s crucial to understand and gain transparency into the following: Who is accessing sensitive information? How are they using it? Who is deviating from the organizational policies? Answering these questions is a major step toward securing organizational data stores.

Looking at the big picture of granted entitlements across the enterprise is vital to accurately estimate potential exposure and risk factors. Having entitlements information from millions of files, folders, mailboxes, sites, and homegrown applications centralized and analyzed, can easily answer important questions, for example, on the types of information accessible to specific audiences (IT, domain administrators, etc.)

Because the number of security breaches and information thefts are on the rise, just knowing who is doing what is not adequate. Defining real-time policies based on various user, machine and information attributes dramatically increases the odds of preventing information leaks and the damages that comes with it.

High-end enterprise storage is a major expense in every organization’s IT budget. Despite the decrease in the cost per gigabyte, the sheer increase in the consumption of the organizational storage makes it a real concern. The ever-expanding increase of storage also raises the manpower needed for management. Using crowd-sourcing to determine ownership and stale permissions quickly accelerates ROI of deployment, implementation, and maintenance of securing and governing unstructured data.

Compliance is an ongoing process, not a single point in time. Organizations must comply with Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001/2, ISO 27799 and other regulations, and be able to perform forensics and active discovery.

Until you know what data is sensitive, who is accessing it, how, when and from what devices, you cannot protect it fully. Hackers are clever and determined; they’ve penetrated some of the largest companies, banks and governments. They want your information. Even if it isn’t valuable to them personally, it certainly has a value on the open market.