Ken Spinner is VP of Global Field Engineering for Varonis.
Companies are digital hoarders: millions of emails, documents, spreadsheets, presentations, and more packed onto servers and file shares, squirreled away on-premises and saved in the cloud. As data stockpiles grow, most of this data will remain long after its business value fades.
Gartner refers to this data as "dark data"—the information that organizations collect, process and store during regular business activities, but generally fail to use for other purposes. Saving dark data that’s outlived its shelf life and utility to your business is sloppy at best and dangerous at worst.
Sure, cloud storage is relatively inexpensive, and some enterprises need to retain a portion of their dark data to comply with business regulations and legal requirements. But storing and securing excessive dark data results in unnecessary expense and risk.
How pervasive is dark data? A recent survey found, on average, 54 percent of an organization’s data was stale, which adds to storage costs, wasted resources, data management complications and security risks.
Dark data puts your organization at risk in these three major areas:
Security dangers. The more dark data you retain, the more you have to protect, and the more is at risk if a breach occurs. Old files that may not seem very important to you might be extremely interesting and valuable to a company insider or an external attacker who is looking for information to leverage for personal, political or monetary gain.
Unlike ransomware, which makes its presence known, attackers on the prowl for sensitive content will try to remain hidden. If dark data accumulates and becomes a low-security priority, you’re providing attackers with a window of opportunity and placing your organization at risk.
Compliance issues. If your dark data holds, for example, a Word document with employee PII or an Excel file with customer payment information, your organization may be violating regulations such as GDPR, HIPAA, SOX, PCI-DSS and others. Unfortunately, many companies don’t know this data is even on their network and fail to secure it. In the event of a breach, attackers will zero in on this content and regulators will demand answers.
In case you were wondering, the GDPR can impact companies outside the EU. The regulations cast a wide net: Healthcare providers treating EU citizens, local municipalities handing out speeding tickets to EU tourists, companies with employees from the EU and others may be held accountable. Storing data that’s unnecessary for business, or failing to lock down the data that is needed, opens the door to breaches, violations and fines.
Cloud and hybrid storage concerns. Most enterprises store data both on-premises and in the cloud, which can make it harder to secure sensitive information on a need-to-know basis. Cloud storage is convenient, but often lacks the security controls organizations have grown to expect in their on-premises data stores.
At the same time, don’t forget your on-premises data. Many companies taking a cloud-first approach will continue to store information on physical servers. Security controls and measures typically protect cloud or on-premises data storage, but not both – you need to understand the limitations and capabilities of both environments, lock down your security and monitor both environments for threats.
While dark data poses serious risks to your organization, you can start gaining the upper hand. Get started with these tips:
- Remove or archive data that no longer provides value.
- Monitor and alert when the information you must retain exhibits signs of unauthorized access.
- Prioritize and reduce unnecessary access to data.
- Take a hard look at the regulated, out-of-policy data lurking within files and remove or archive accordingly.
- Cloud storage isn’t "set it and forget it." Never assume your data is safe in the cloud.
- Maintain and enforce a strong security policy to manage access control and data protection.
- Put your organization on a path to embracing the principles of privacy by design (PbD).
Organizations are often inclined to save everything. Relatively inexpensive on-premises and cloud data storage is burying companies in excess data and raising security red flags in the process. Find out where dark data is lurking and regain control.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.