A Strategy to Protect Unstructured Data - InformationWeek
IoT
IoT
Software // Information Management
News
9/16/2010
03:53 PM
Adam Ely
Adam Ely
Features
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

A Strategy to Protect Unstructured Data

You've got data everywhere. We've got a plan to help you find and control it.

InformationWeek Green - September 20, 2010 InformationWeek Green
Download the entire Sept. 20, 2010, issue of InformationWeek, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

Protect Unstructured Data

IT organizations are well aware that sensitive information resides in corporate databases, but unstructured data--e-mail, Office documents, and other content types--can be just as valuable and need protection. The challenge for IT is that unstructured data is growing at a breakneck pace--a compound annual growth rate of 61%, according to IDC, almost three times the growth rate of structured data. It's also scattered throughout the enterprise: in folders on file servers, on laptops, and tucked inside USB drives. You need a strategy for securing it.

Start by understanding the types of content in your company, and the value it has to the business. If your company handles credit cards, then you automatically think of PCI. Your nightmare is credit card numbers sitting on a file server for anyone to find. If you're in the medical field, HIPAA and patient records are a top concern. Other important data types are customer and employee personal information, intellectual property, and operational data.

These groupings are broad but give you enough to build on. The main idea is to understand the types of data and how you will respond once each type is discovered. Once you compile a basic list, work with representatives from IT, legal, compliance, HR, finance, and business development. They will identify data you've forgotten or didn't know about.

Next, map your data types to a classification and handling policy that outlines how groups of data should be managed. The most common mistake we see when IT groups write these policies is specifying exactly how data should be protected. That approach is inefficient and causes more work for you later. Instead, provide a range of acceptable measures rather than mandates. For example, if your company prefers that data in transit be encrypted using SSLv2, but it also will accept the use of TLS 2.0, put both options in your policy. This makes the policy much more flexible for those implementing the protection. That's critical, because if they can't work with you, they'll work around you.

One last note on data classification policies: They often fail because all documents are tagged as confidential, devaluing the policy. Your classification system should differentiate between valuable information that carries a high level of risk and other information that may be sensitive but carries less risk if exposed or lost.

Searching For Unstructured Data

The next step is finding the data. This can be tricky. You know where it should be stored, but because information is so portable, it has a habit of turning up in unexpected places.

To read the rest of the article,
Download the September 20, 2010 issue of InformationWeek


Protecting Unstructured Data

Become an InformationWeek Analytics subscriber: $99 per person per month, multiseat discounts available.

Subscribe and get our full on protecting unstructured data free for a limited time.This report includes 14 pages of action-orientated analysis, packed with 5 charts. What you'll find:
  • How to set up a data classification and handling policy
  • Tips on searching unstructured data sources

Get This And All Our Reports

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll