Five Questions to Proactively Identify Data Risk

Maintaining security and privacy of data has always been part of the IT operations landscape, but recent events in the news have brought these elements into focus for many organizations. In our conversations with customers, the company’s prior and current levels of privacy and governance are almost always a major part of the discussion. Although security risks pose a holistic threat across an organization, it’s often the responsibility of corporate IT to ensure the safety of employee, customer, partner and internal data.

Today, companies who seek a way to achieve data governance must deploy separate tools that require separate hardware, software, and management. These multiple layers are not directly integrated with the storage platform or the data contained within and thus, have increased complexity to operate, support, and maintain.  Additionally, by sitting “outside the data”, monitoring for data loss prevention (DLP) and scanning for data breaches must be scheduled after hours to prevent impacting primary data operations.

One of the top causes of security concerns for those corporate IT professionals is inadequate data management. In the event of a data breach, whether it’s caused by a malicious action, a system glitch or human error, lost or stolen data can lead to the loss of trade secrets, business opportunities, intellectual property, financial information or worse. Ultimately, these losses can result in a major blow to your company’s long-earned reputation. So, what can IT pros do to stop these crises before they occur?

You can begin by asking these five questions to help identify threats to your data that might already be in place:

1.    Who owns your data, and where are they keeping it? Take an inventory of the places throughout your infrastructure in which data is stored. Can you confidently locate all of them, and does that information have clearly defined owners?
2.    Do you trust the right sources with sensitive data? Regardless of the industry in which you work, there is information stored in your corporate data center, on employee devices or in remote offices that is private, confidential and essential to business continuity. As a result, the security and protection of any one of these locations should be verified and actively maintained.
3.    Are your employees educated on the right ways to handle data? Clearly outlining processes for employees who regularly access sensitive information is imperative to preventing human error, one of the leading causes of data breaches. If such an employee or contractor is terminated, the importance of these actions becomes compounded.
4.    Did someone delete what you were looking for? As data becomes cold, it runs the risk of being forgotten. Not only can this waste valuable space and effort within your data center, this makes your company vulnerable to files being accidentally deleted which actually should have been retained and properly indexed for legal, regulatory, operational or historic purposes.
5.    What lessons can you learn here? Can you monitor when sensitive data is accessed, so you remain abreast of any chances that it has been compromised? What’s more, can you track data access patterns, redundant data copies, ownership and data age in order to ensure operations are running smoothly, efficiently and securely at all times?

If you were unsure about your response to any one of these questions, it may be time to consider a smarter solution for data storage.

1 Like

Todd Barton

Todd Barton is a Senior Systems Engineer at DataGravity working with partners and customers focused on changing the paradigm of IT. Todd has extensive experience in solution architectures, channel development and evangelizing modernization of data centers at major conferences, such as VMworld. A Texan, Todd most recently worked for Dell and previously worked for EqualLogic and Virtual Iron Software. You can find Todd on Twitter @virtualocracy.