Perry Dickau is the director of product management at DataGravity.
It’s what you thought would be a quiet Saturday night when you get a call at 2 a.m. and learn your system has been breached. It may be a CISO's worst nightmare. A major portion of your data, structured and unstructured, is now in the public domain. However, until you get to the office and dig into the specifics of the breach, you’re not sure which files and folders have actually been exposed. Frantic, you rack your brain: What is the worst thing someone could find in your files?
Inadvertently exposing sensitive data is never a positive experience for the people directly connected to the information – as Sony, Target or any one of the thousands of companies that suffered breaches in recent years could tell you. For many security executives, real terror strikes when they aren’t entirely sure what’s hiding in their storage. When data is untouched for long periods of time, it grows cold and eventually becomes dark, creating a breeding ground for misplaced information and potentially dangerous elements. And it’s not just enterprises that can unearth nightmares in their dark data stores; universities, hospitals, law firms and various other organizations frequently store spreadsheets, emails and other files that may contain credit card numbers, Social Security information, intellectual property, or worse.
Imagine if, after you got that 2 a.m. phone call, you arrived at the office in the morning to learn that any one of the below examples had made its way from your server to the public realm:
Your company’s bread and butter in the marketplace is the advantage you have over other competitive vendors, but as part of this oncoming breach, your “secret sauce” was potentially leaked to your adversaries. Losing trade secrets could cause irreparable harm to your brand integrity, and potentially make your company less viable in the eyes of your consumers.
Passwords, Credit Card Numbers and Online Login Details
Do you have a document titled “Passwords” in one of your desktop or file share folders? Even if you don’t, one of your employees likely does. Spreadsheets and repositories that keep track of login credentials, file names and elements such as credit card numbers and Social Security numbers make it easy for interested parties to identify personal information on a company’s server. In today’s risk landscape, where security breaches are almost inevitable, companies need to make sure they’re locking down every instance of critical data.
Home Loan Information
As a realtor, it’s part of your job to help manage clients’ private data and keep it confidential – including files such as home loan applications and approvals. If a third party gained access to these files, your customers’ personal security would be compromised, and the credibility of your business would be at stake.
A Family’s Financial History
Universities keep track of students’ scholarships and tuition payments, many of which are determined by their families’ income. If you’re a chief information security officer (CISO) or IT pro working in higher education, a hack could expose credit histories, loan applications and other private assets for current students and alumni alike – and financial support from both parties is often necessary to fund university programs and initiatives.
Medical Insurance Information
Every patient who has ever received treatment at a hospital or doctor’s office is on record, accompanied by his insurance history and medical details. Even in the event of an inadvertent breach, exposing this information can wreak personal havoc on the patient’s life, including his quality of healthcare and his personal privacy.
Timelines and Research For a Round of Funding
The investors are excited; the terms are nearly settled between a venture capitalist (VC) firm and your company – and suddenly, all of your negotiations are out in the open, along with your research about the firm that started the deal in the first place. Even if you don’t lose support from the VC, your reputation in the community will likely be tested.
When your company suffers a data breach, your internal teammates aren’t the only people with private information at stake. It’s your responsibility to help protect your customers, employees, partners and any other individuals who have interacted with your organization. Be sure to ask yourself: Are you sure you know what’s hiding in the depths of your data? And what would you do differently if you could find out?
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.