CISO, CIO, CPO: where would you begin with data if you could do it again?

October 13, 2020

By

Yaniv Avidan

Yaniv Avidan, Chief Executive and Co-founder of MinerEye, discusses the benefits of tight unstructured data management (sponsored).

If you could redesign your network from scratch, would you install unstructured data management controls as one of your first steps?

In retrospect, would automated unstructured governance be at the top of your “to do” list if you know that it could enable the discovery, indexing, classification and tracking of all your unstructured data?

Even if you aren’t sure exactly what data is located in your unstructured data repository, automated governance would reduce your network’s attack surface, control file sharing, optimise your cloud usage and monitor your business and customer sensitive data for compliance.

So let’s take a moment to review the business benefits of a sound unstructured data management programme.

As a Chief Information Security Officer (CISO), automated unstructured data discovery gives you the ability to protect data in file sharing across your growing hybrid work environment. You can quickly respond to your customers and shareholders in case of a breach by knowing what data lies in those compromised accounts.

As a Chief Information Officer (CIO), automated unstructured data governance gives you data minimisation to control cloud processing costs up to 40% and improved efficiency for the entire organisation in finding information.

As a Chief Privacy Officer (CPO), automated unstructured data mapping gives you full visibility to discover, segment, segregate and delete all the relevant personal information held by your organisation for compliance with the various privacy, financial and other regulatory laws.

The costs of leaving your unstructured data in the dark.

Now that we’ve established the multiple benefits of establishing tight data management, let’s understand the other side. What are the costs of leaving your unstructured data in a dark “cave” without the visibility or the ability to retrieve and manage it? Keep in mind that unstructured data includes Word documents, PDFs, spreadsheets, emails and attached files. Despite its volume and frequency in organisations’ networks, it’s estimated that around 90 percent of unstructured data is never analysed.

Again, let’s delineate the costs according to your role:

As a CISO: Reduction of the attack surface is a key aspect in healthy cyber defence. As the network perimeter is no longer a useful concept, your “attack surface” becomes your crown jewels, i.e. your network data. How can you propose to protect your network data if you don’t even know what’s inside your unstructured repository, what Gartner cites as comprising up to 80% of your total data.

What’s the cost of having zero visibility to your unstructured data? It should be equal to the cost of sensitive data exfiltration. Since the increase of remote working and uptake in collaborative software, sharing files has never been easier, opening up the possibilities of sharing sensitive data indiscriminately, carrying potential damage from well-intentioned people, among others.

As a CIO: Smart cloud adoption and usage are much more costly due to out-of-control data volumes.

“The costs for each of these critical business divisions: cyber, information technology, and privacy, to keep unstructured data outside the realm of your 'known, mapped, indexed and classified data' are not worthwhile”

The high price of file processing (downloading and uploading) is a result of the endless files filled with ROT (repetitive, obsolete, trivial) information.

The data sprawl across different clouds and SaaS environments contribute to one black hole that is impossible to manage.

File classification and legacy DLP systems do not relate to the multiples uses, users and context of your data, nor can they apply labels on unstructured data, rendering them useless over your hybrid environment.

So what’s the cost of unmanaged data sprawl as it relates to work efficiencies and business success?

Not one you want to see on a balance sheet.

As a CPO: With regulations over privacy of consumer data quickly becoming commonplace, privacy officers play a critical role in the business success.

Beyond the aspects of avoiding regulatory fines, managing consumer data correctly can be part of successful customer retention, and the costs of attrition are high and sometimes irrevocable.

The costs of manual data retrieval in event of customers asking to be deleted can reach $4k per request, according to Gartner.

The costs of manually matching each file to a relevant regulatory article according to the data in the file can be overwhelming.

In short, the costs for each of these critical business divisions: cyber, information technology, and privacy, to keep unstructured data outside the realm of your “known, mapped, indexed and classified data” are not worthwhile for any organisation to incur.

Both for efficiencies in operations and for keeping sensitive data of any type (from intellectual property to customers personal information) safely within any organisation. One thing is clear, if you were to redesign your network’s IT architecture today, tight automated data management of your unstructured data should be one of your first priorities.

By Yaniv Avidan, CEO and Co-founder, MinerEye

Learn more about unstructured data at PrivSec Global. Click here.