Shining a light on dark data: how companies can establish effective data governance

Budget season has officially arrived for many companies. And if next year resembles previous years, companies reserve as much as 7.5% of their total IT spend on data management or managing the availability and security of data in their business systems. For larger organizations, data management can quickly become a $20 million line item on the budget.

But at one recent research, two-thirds of corporate IT leaders said managing structured data is their top priority, while unstructured data is less important. This means that a surprising number are likely to leave sensitive information unprotected.

Unstructured data, which exists in various forms in virtually every corner of an organization, is full of hidden operational risks for businesses. Losing sight of it means opening the door to bad actors and leaving a company unprepared for financial audits or other scrutiny.

At a time when cybercrime is at its peak always high, it is no longer a sensible option to keep the management of unstructured data on the back burner. Businesses need a data governance strategy that encompasses all of their information, regardless of format.

Fortunately, there are specific steps any business can take to control the full range of data it generates rather than focusing strictly on just one set.

Understand your data

The first step to mastering data is to understand it. That includes everything from survey results and maintenance reports to unused USB keys and handwritten notes.

A large majority of data (80% to 90%) is unstructured information, such as video, audio, social media posts, and scanned documents. Unfortunately, too many data programs allow this to exist as a blind spot. And without the tools to analyze this vast and growing category of data, companies leave huge amounts of valuable data on the table – and leave potential risks untouched.

Actual data governance means understanding where all this data is, how it is stored and who in the organization has access to it. The first step towards effective governance is the complete digital inventory of all data. This should include automation for scale, efficiency and accuracy, and should be viewed through a vertical-specific lens to leave no stone unturned.

Reduce the risk of your data

Once your organization has a thorough accounting of all types of data, it’s time to start the de-risking process.

In my company’s work with companies across industries, we’ve found that taking an inventory of all the data generally yields a breakdown that looks like this:

• About 12% of company data is mission critical.
• About 23% of the data is redundant, obsolete or unimportant.
• About 65% of the data in the organization is “dark” – unused and hidden in various networks, personal files, emails and other corners.

The dark areas pose cybersecurity risks to businesses, and these areas account for as much as two-thirds of the data companies generate. Rather than waiting for a breach to catalyze the risks of this data, companies should proactively invest in people and technology to remove, recategorize, secure or otherwise manage dark datasets.

Dark data: Train your employees

Employees from the bottom to the top of the organization handle sensitive information, including codes, passwords and financial data. Unsurprisingly, human error is one of the main culprits in data breaches.

For this reason, data security training should become a pillar of all job training and start on day one. Security policies should become second nature to everyone in the organization, from the administrative assistant to the CEO. Establish formal procedures and update them as necessary.

Make use of smart policy management

An effective data governance structure is essential, and acquiring data discovery technology is just the beginning of creating it. Your organization also needs experts who can serve as data owners and stewards.

Because a thorough data inventory could mean accounting for and managing as many as 100,000 unstructured files, ownership and stewardship roles cannot simply be linked to executive job descriptions. Instead, embedding data privacy, protection, and security by design requires automation and the full attention of specialists.

Think of breaches in terms of when, not if

There are record numbers of adversaries circling the digital boundaries of every company, and unstructured data is one of their preferred entry points. For this reason, companies need to think in terms of when a data breach will happen, not if.

More then 80% of US-based companies have been hacked or hacked in an attempt to steal or disclose data, and the numbers only get worse when you look globally.

The number of hackers and attempts is not expected to decrease, so it is up to companies to proactively prevent breaches. Thinking of them as a virtual security is a good start; it is not pessimism but realism.

But even if the stats are bleak, your business doesn’t have to be included. There are steps any business can take to keep its digital perimeters secure.

Good business security starts with understanding where the risks lie, and an inordinate amount of that lies in your industry-specific unstructured data. Collecting and securing this data may seem challenging, but the right combination of technology, industry insight, and human expertise can achieve just that.

Organizations must consider unstructured data when budgeting for data security. And by following these steps, companies can ensure that this kind of data no longer serves as a “welcome” sign for those who want to harm them.

Daren Trousdell is the Chairman and CEO of Now Vertical Group.