Eight Steps to Securing Unstructured DataBy Ericka Chickowski | Posted 2009-09-25 Email Print
As channel partners try to come up with ways to help their customers mitigate the risks posed by uncontrolled unstructured data, Channel Insider suggests they think about eight critical steps posed in a recent report, Securing Unstructured Data.
As your customers continue to leverage mobile devices and laptops within and outside of their environments, many of them have experienced unparalleled productivity within recent years. But with these gains come significant risks.
As IT assets become scattered to the winds, so too does the valuable data that these assets carry.
According to the Aberdeen Group, approximately 86 percent of enterprises have experienced year-over-year growth in unstructured data across their organizations.
Additionally, 56 percent say that they’ve experienced year-over-year growth in mobile endpoint devices. Without proper policies, people management and technology controls, that convergence poses a serious threat to organizations.
As channel partners try to come up with ways to help their customers mitigate the risks posed by uncontrolled unstructured data, Channel Insider suggests they think about eight critical steps suggested by Aberdeen analyst Derek Brink in his recent report, Securing Unstructured Data.
Identify and Classify Data
You can’t secure data if you don’t even know what kind is under your stewardship.
As Brink puts it, "knowing what you have and where it is correlates strongly with Best-in-Class performance in protecting and managing unstructured data."
Prioritize Security Control Objectives
Once organizations have established what kind of data you need to protect, it’s time to prioritize the data based on risk and develop security goals for each step in that prioritization pyramid.
"Not all data is worth being protected; you should prioritize the protection of the data with the greatest impact on the business," Brink says.
Establish Consistent Policies
Clear risk-based policies will help you achieve those security objectives you came up with during the prioritization phase. Brink believes that organizations need to have policies that cover access to unstructured data, distribution of unstructured data and actions which may be taken with unstructured data.
Select and Deploy Data Protection Solutions
Too many of today’s enterprises focus security solely on network protection. In order to truly protect the data, the paradigm must shift to information-centric protections such as DLP, full-disk encryption and database security.
Invest in Documentation, Awareness and Training
"Investments in technology to help protect data can be significantly eroded by insufficient investments in the people and process side of successful implementation," Brink writes.
Enterprises need to clearly explain policy, the reasoning behind it and enforce security principles in order for that message to 'stick.’
Assign Clear Ownership and Accountability
Often organizations fail to accomplish data security objectives because there are too many stakeholders and not enough accountability. A cross-functional team in charge of the effort greatly improves chances for success.
Paper-based policy does nothing to keep the ignorant and the scofflaws from breaking the rules. Technology that automatically enforces policies is essential to making them meaningful—and they’re key to keeping the auditors happy.
Measure and Monitor
This step is not only important for documenting regulatory compliance. It can also "drive continuous improvements by finding and eliminating root causes for exceptions, security events and audit deficiencies," Brink writes.