An unlikely ingredient in data security: Health
As folks likely know, I have been hanging out with data for a very long time. I actually like it, and sometimes understand data better than people.
Data is frail and fragile. It repeats itself a lot (think a CNN news loop), and it can reflect a hoarder’s sense of never wanting to let go of anything. It’s aging around the parameters and has packed a on few extra TBs/PBs over the years. It’s earned every grey hair. It keeps things long after the people who owned them have left. It’s lived through multiple moves, starvation, lack of power and lack of care.
But most importantly, data is not great at keeping secrets, and it is the first to blame someone else if something goes wrong. It was the network’s fault, the user, the application, etc. Data is not great at picking friends, and the information it uses to figure out who or what is safe is flawed and can unintentionally change.
To secure data, consider its health and activity
Until recently, data has been a bit of a couch potato, since it doesn’t move around easily. Some things have simplified this process, like encapsulation techniques to package it up and deduplication and compression to slim it down. It can still take a forklift, but it’s getting more mobile. It also isn’t welcome everywhere, so data can’t always leave a data center or perhaps a country. Technologies like containers try to ignore that data exists because life is easier when things are stateless. Luckily, data is what makes things interesting and it’s not going away anytime soon.
The most unruly data is semistructured or unstructured data. It was born to be wild, and no one has tried to really rein it in. It sort of reminds me of the saying, “when it is good it is very, very good, and when it is bad, there’s a problem.”
When I hear folks talk about data security, they never really talk about data. They talk about network penetration and permissions management; they talk about remediation to correct data, which is only a Band-Aid or a fix for a symptom of an underlying issue. They try to mask data issues with tools that obfuscate the actual issues.
If most companies’ data had a physical, there’s a 100 percent chance it would show some serious health issues that only an MRI or a CT scan could diagnose. To secure data we need to make it healthy first, then put a plan in place to keep it healthy.
Getting started: Get a data MRI
To identify and treat issues with data health, the first order of business is to get an MRI and see what’s in the data – then put together a plan to properly handle sensitive data, reverse the hoarder mentality, and better monitor and address issues before they become problems. Part of that monitoring is to ensure users aren’t exploiting or misusing data. Once you have a full view of the problem, and instill common-sense plans to address it, you can start thinking about securing your data. It sounds simple:
- Figure out what data you have;
- Define what is acceptable to keep and create a plan to get to that point;
- Detect when bad behaviors are growing, or if there some behaviors are repeat offenders; and
- Defend against bad habits if they start to slide back in.
Securing data requires starting with an understanding of what causes issues in the first place, and then moving back to a place where data is an asset, not a liability. Once that shift occurs, it’s a simple process to automatically keep data in a safe and protected state.
Who knows? Some day your data could be running a 5K. Will it be healthy enough to stand up to the challenge?
Get a free assessment of your data’s health today.Like This