How to build data-awareness from the ground up: don’t manage based on hope
A few years ago, I went on a vacation and didn’t make plans in advance. True, I booked flights to my destination and back, and I researched some things I wanted to see while away. Other than those preparations, I let the trip unfold on its own terms. It was nerve-wracking – and in the end, it was better than I could have planned.
Approaching an event of such scale with a cavalier attitude can be rewarding – but it only works in specific instances. In other cases, assuming you’ll figure out a situation on the fly can be a serious mistake. Certain projects need a plan from the beginning in order to be successful. Managing data security and protection based on hope is a recipe for disaster. “I hope they don’t find anything,” or “I didn’t know about it,” are common things I hear mumbled when IT people start looking around the room at each other. Cultivating a data-aware identity at an organization is an example of a project that needs a plan from the start – elements of data-awareness can strengthen a company and its security strategies, but to realize its full value, a company’s foundation should be data-aware.
The core tenet of data-awareness is simple: although companies own their data, few truly know what it contains. Data often resides in virtual servers and file shares for years without being accessed. In the event of compliance audits or data theft, data owners realize their information contained red flags all along, such as sensitive information or evidence of past security intrusions. It still holds true that 100 percent of our customers are 100 percent confident that there is sensitive information lurking somewhere in their infrastructure. The question is, how do they find it and effect remediation to protect their companies? As the security landscape evolves and becomes more treacherous, organizations are seeking to proactively control, and gain visibility into, their data.
However, becoming data-aware isn’t like using a Band-Aid to fix a weak point in your system. Instead, it’s a paradigm shift. With the right approach, every company can help begin that shift.
Focus on awareness; then, gauge risks
Most companies are familiar with the feeling of adding bandages to a growing security wound. As high-profile breaches dominate news headlines, security teams have raced to add the latest perimeter guards and alarm systems to their IT systems. Anecdotally, how many thriller movies have you seen where a character turns on the alarm system and closes the front gate, believing they are secure at bedtime, only to find out the perpetrator is hiding in the closet – or worse, under the bed? (Chucky movies still scare me.)
As they add security measures, some companies make the mistake of using compliance regulations as a roadmap or discounting the possibility of uncharted sensitive data lying dormant in their infrastructure. Often, these are the organizations forced to backpedal later, after a breach or other incident exposes vulnerabilities the company didn’t realize it had.
As your company adopts a data-aware approach, focus on awareness itself – and help your staff get on board. Educating workers about the importance of safely handling, storing and accessing sensitive data can help build the data-aware foundation required for security initiatives to stand the test of time. Specific risks should be treated as a source of motivation, rather than a roadmap for your security strategy.
Your brand’s integrity, reputation and survival depend on your ability to know what’s in your data. When you change the fundamental way your team approaches data-awareness and security, you set it up to meet its own high standards.
Grow data-awareness in your organization by asking six questions.