Illuminate Dark Data and Avoid Severe Security Risks

Written by

Data has been an important business currency for decades, and these days, it’s becoming something bigger. With the proliferation of internet-enabled personal devices, enterprises are able to amass huge amounts of data, and advancements in Artificial Intelligence and Machine Learning have given the most advanced players the means to tap into it.

This development has fueled growth and empowered organizations, but it has also given rise to the fallacy that more data is automatically a good thing.

The truth is much darker. According to IBM, about 88% of all data is “dark,” or unused by the organizations that collect it. A study by Vanson Bourne shines additional light on the issue, indicating that three in five companies bother to classify less than half of the data they store in the public cloud.

The fact that the data goes unused or unclassified isn’t ideal from a business standpoint, but it’s hardly a cause for alarm. The real problem is that, without knowing what kind of data they’re holding, these companies are very much unprepared to protect it.

The Consequences of Dark Data
The first half of 2019 alone saw the exposure of almost 31 million records, and those were just the public data breaches. Innumerable other security lapses occur every day that go unnoticed: I’ve seen instances in which organizations granted all employees, from interns to executives, blanket access to sensitive customer data in a CRM such as Salesforce.

A single disgruntled user or an ex-employee poached by a competitor could take a huge amount of valuable information on the way out the door, costing the company a fortune.

Other misconfigurations and oversights can result in similar leaks or exposures, and McAfee estimates that an incredible 99% of misconfigurations in the public cloud go unreported. Many of these are also entirely undetected. To start transforming your dark data from a liability into an asset, you simply must take stock of what you’re collecting.

Plenty of organizations have classification frameworks, but these are useful only if people are aware of them (besides the one or two people in the information security department who wrote them). Ignorance continues to lead to security lapses, typically driven by the prevailing attitude that someone else is taking care of it.

Particularly when companies implement platform-as-a-service solutions, it’s easy to assume that some entity in the partner organization is making sure systems are set up properly. While platforms such as Salesforce do offer robust security measures and granular control over data access, clients must implement and understand these tools in order to take advantage of them.

Without proper classification, it’s impossible to store data securely because you haven’t even defined what it is and who has — or should have — access to it. By classifying data, you can begin to create and enforce processes for handling it, including the ability to encrypt it and store it securely in a manner that meets your needs.

Left unsecured, dark data can morph into a mountain of consequences. To prevent that from happening, it’s imperative to define your data. You’re already dealing with other established data sources according to industry-specific rules and regulations, so adopt the same approach with your dark data in cloud platforms.

No matter what industry you’re in, auditors or compliance personnel will inevitably come knocking to make sure you’re taking the appropriate security measures. Don’t wait until that day comes to take action. Instead, talk to the right people and rely on the right tools so you can eliminate blind spots and create a posture that adequately defends all of your data.

What’s hot on Infosecurity Magazine?