Shedding Light on Dark Data: How Businesses Can Build Effective Data Governance

For many businesses, budgeting season has officially arrived. And if next year is anything like previous years, companies will spend up to 7.5% of their total IT spend on data governance, or managing data availability and security in their enterprise systems. . For large organizations, data governance can quickly become a $20 million line item.

But in a recent study, two-thirds of enterprise IT managers said managing structured data is their top priority, while unstructured data is less of a concern. That means a surprising number are likely leaving sensitive information unprotected.

Unstructured data, which exists in various forms in virtually every corner of an organization, is filled with hidden operational risks for businesses. Losing track of it means leaving the door open to bad actors and leaving a company unprepared for financial audits or other scrutiny.

In an era where cybercrime is at an all-time high, leaving unstructured data management on the back burner is no longer a wise option. Businesses need a data governance strategy that encompasses all of their information, regardless of format.

Fortunately, any business can take specific steps to manage all of the data it generates instead of narrowly focusing on a single set.

Understand your data

The first step to governing data is to understand it. This includes everything from survey results and maintenance reports to unused USB drives and handwritten notes.

A large majority of data (80% to 90%) is unstructured information, such as video, audio, social media posts, and scanned documents. Unfortunately, too many data programs allow this to exist as a blind spot. And without the tools to analyze this massive and growing category of data, companies are leaving vast amounts of valuable data on the table – and leaving potential risks unaddressed.

Real data governance means understanding where all that data is, how it’s stored, and who in the organization can access it. The first step to effective governance is to conduct a thorough digital inventory of all data. This should incorporate automation for scale, efficiency, and accuracy, and be viewed through a specific vertical lens so that nothing is overlooked.

Derisk your data

Once your organization has a thorough accounting of data of all kinds, it’s time to begin the risk reduction process.

In my company’s work with companies in various verticals, we’ve found that an inventory of all data typically produces a breakdown that looks like this:

• About 12% of business data is critical.
• About 23% of data is redundant, outdated or irrelevant.
• About 65% of the organization’s data is “dark” – unused and hidden in various networks, personal files, emails and other crannies.

Dark areas present cybersecurity risks to businesses, and these areas account for up to two-thirds of data generated by businesses. Rather than waiting for a breach to catalyze risk reduction of that data, companies should proactively invest in people and technology to remove, recategorize, secure, or otherwise manage dark data sets.

Dark Data: Educate Your Employees

Employees from the bottom to the top of the organization handle sensitive information, including codes, passwords, and financial data. Unsurprisingly, human error is one of the biggest culprits in data breaches.

For this reason, data security training should become a mainstay of any professional training and start from day one. Security policies should become second nature to everyone in the organization, from the administrative assistant to the CEO. Establish formal procedures and update them as needed.

Use intelligent policy management

An effective data governance structure is essential, and acquiring data discovery technology is only the beginning of creating one. Your organization also needs experts who can serve as data owners and custodians.

Because a deep data inventory can mean accounting for and managing up to 100,000 unstructured files, ownership and management roles cannot simply be added to executive job descriptions. Instead, building data privacy, protection, and security by design requires automation and expert attention.

Think of violations in terms of when, not if

There are a record number of bad actors circling the digital perimeters of every business, and unstructured data is one of their favorite entry points. For this reason, companies need to think about when a data breach will happen, not if.

More than 80% of US-based companies have been hacked or hacked with the intent to steal or expose data, and the number gets worse when you look around the world.

The number of hackers and attempts is not expected to decrease, so it is up to companies to proactively prevent breaches. Considering them as a virtual certainty is a good start; this is not pessimism but realism.

However, even if the statistics are grim, your business doesn’t have to be there. Any business can take steps to ensure the security of its digital perimeters.

Good enterprise security starts with understanding where the risks lie, and an inordinately high number of them reside in your industry-specific unstructured data. This data may seem difficult to collect and secure, but the right combination of technology, industry knowledge and human expertise can make it happen.

Organizations should keep unstructured data in mind when budgeting for data security. And by following these steps, companies can ensure that this type of data no longer serves as a “welcome” sign to those who would harm them.

Daren Trousdell is the President and CEO of NowVertical group.