If data is the lifeblood of every organization, it also represents potentially critical business risk. To manage that risk effectively, organizations must apply strong protection to all their enterprise data. But first they have to find it all, and then classify it to understand the right level of risk exposure.
Unfortunately, this is easier said than done for many organizations thanks in part to the proliferation of “dark” or unknown data.
A data minefield
Data breaches represent one of the biggest cyber risks facing today’s organizations. And the bad news is that incidents are getting more expensive. Protecting the company’s number one asset should therefore be a no-brainer for any security team. But doing it effectively is far from straightforward. That’s partly because of the sheer volume of data in the modern enterprise, the distributed nature of IT networks and data stores, and the dynamic way data is used and reused.
The task is made even harder by the fact that unstructured data, often recorded informally and not tagged, comprises the vast majority of enterprise data today. Corporate structures may also work against IT teams, especially if business units tend to work in silos. And extra complexity and opacity are often introduced by mergers and acquisitions.
Perhaps one of the biggest threats to data security is the fact that anywhere between 50 and 90% of enterprise data is classed as “dark data.” According to Gartner, the term refers to “the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes.” Often it is retained only for compliance reasons. However, with little to no visibility into this data, organizations are exposing themselves to an elevated risk of:
- Accidental loss or leakage
- Breach by a malicious third party
- Regulatory action
- Reputational and financial damage (if it is leaked/breached)
- Loss of competitive advantage if trade secrets are spilled
Shining a light on dark data
To take the danger out of enterprise data, organizations need to find a more effective way to manage these risks. That must start with visibility, gained by running automated and continuous data discovery and classification. Then, organizations should apply strong protection like tokenization and format-preserving encryption, focusing first on securing high-risk/high-value data, especially regulated data.
comforte’s Discovery and Classification solution is an increasingly popular choice for enterprise IT security teams. Its proprietary passive network packet capture identifies sensitive data wherever it is—in databases, applications, file systems, log files and other repositories. The solution then runs a comprehensive scan of those repositories to get full visibility into the data environment. With comforte, organizations can:
- Discover known and unknown (dark) data
- Find all data, regardless of type, format or location (structured and unstructured, cloud-based and on-premises)
- Understand near real-time sensitive data lineage and the business context of any sensitive data element in the environment
- Gain complete visibility of the usage of every data subject’s information
- Understand when sensitive production data is found outside of production environments
- Automatically generate a full master catalog of sensitive data in near-real time, including to whom it belongs and where it is processed, stored and used
- Implement measurements, monitoring, and enforcement tools to govern the usage of sensitive data
- Understand how records from across the enterprise come together in unique data subject records. These records can be compared with known business usage to confirm known, managed PII