By Spencer Young, RVP, Imperva
‘Data is the new oil’ is old hat. Data is so plentiful these days that it’s more like the new air. Our society runs on digital information in ways that would have been utterly imaginable just decades ago. Data runs through everything we do, and the amount in circulation is only going to increase.
To put the sheer amount of data that’s whizzing around in perspective, we currently generate about ten zettabytes of information globally every year. That’s ten trillion gigabytes, which equates to about two trillion DVDs or 62.5 billion iPod classics. If you stacked those iPods on top of each other, the tower would be 812,500 kilometres high – more than double the distance to the moon. That’s a lot of data.
Give it six years, though, and we’ll be producing eighteen times that amount – 180 zettabytes for every trip round the sun. Now you’ve got 1.2 trillion iPods. The stack is 14.6 million kilometres high. At that rate, it’d only take three and a half years to fill enough iPods to build a bridge to Mars – and Mars is a really long way away.
Using data effectively
The relatively sudden availability of all this information begs the question: what on Earth (or Mars, for that matter) are we doing with it all? For businesses, the rise in available data should be a strategic benefit – the more you know, the more intelligent your decision-making should be. That’s the theory, but is it the reality?
We pay a lot of money for data collection, hosting and maintenance, so how do we go about creating a data driven organisation that reaps the rewards of data analysis and insights? By going through the process of discovering where your most valuable data is stored, you can actually use compliance mandates as an opportunity to put data at the centre of your business.
Compliance programs, such as preparing for GDPR, provide the right level of impetus for your organisation to investigate and locate sensitive data so that you can efficiently protect these assets. By getting a better handle on where your sensitive data sets reside, and the best practice processes for overall security, you’re creating a data governance program that provides greater control over your data assets.
In any data governance and compliance prep program, the first step will involve an assessment of your current data environment. This should include a few different steps, starting with a discovery process and comprehensive inventory of all of your known and unknown data repositories. You’ll then need to look at how data flows within your organisation, including all of your touch points and sub-processors, before mapping out your current security and compliance technology to see where any gaps might be hiding.
For most organisations, this level of data discovery and inventory of sensitive data isn’t a process they can realistically perform manually. Many will have a combination of large and disparate database environments, so the first technology investment to look into should be in data discovery and classification.
The other important point is that data is increasingly dynamic by nature. That’s why your discovery and classification process should be occurring on a regular basis, as the nature of your data will continue to change.
But going through this process then provides you with actionable results for ongoing audits and compliance reporting. If you can leverage automation within these processes, you can also transition from basic discovery and classification to policy application, activity monitoring and user rights management – the next step in developing a robust, layered security posture.
When implemented effectively, layered security allows businesses to significantly reduce the amount of private data they manage, improving overall business efficiency.Layered security also drastically reduces the risk of a data breach, while facilitating a rapid incident response and reporting process to ensure compliance with the breach notification requirements.
To ensure they get real value out of their compliance projects, companies need to ensure that their data privacy solutions meet key components of these regulations out of the box and provide the most effective automated data protection available. The best security systems help companies to understand where databases are located and what type of information they hold by automatically scanning enterprise networks – making the process of regulatory compliance smoother and giving companies a deeper understanding of what’s going on inside their systems.
With so much data now in play, businesses must prioritise the creation and maintenance of a detailed, real-time inventory of data scattered across their organisations and enable automated, scheduled scans and holistic identification of sensitive data. Once these processes are in place, the company will not only benefit from a lighter compliance admin load, but also from a more joined-up, data-centric approach to running the business.
Like all digital services, cybersecurity has a key role to play in building an effective data-handling strategy for the new data age. Businesses must take action now to ensure their defence systems are supporting the overall effort to make the most of data – as securely as possible.