In this special guest feature, Paula Long, CEO and co-founder of DataGravity, discusses how to migrate to the cloud while understanding the five W’s of your data (who, what, where, when, why). Paula brings more than 30 years of experience in high-tech innovation to DataGravity. She is an industry expert on enterprise data management, protection and storage. Paula has led two major shifts in data management and security- the first as co-founder and senior vice president of products at EqualLogic, where she lead the transition to automated storage management. This capability is now table stakes for any storage appliance, and EqualLogic was acquired by Dell for $1.4 billion in 2008. Paula remained at Dell as vice president of storage until 2010. The second shift took place when Paula became co-founder and CEO of DataGravity, a leader in data security focused on protecting data in virtual environments. She is a graduate of Westfield State College in Massachusetts.
The more you work closely with data, the more you realize it’s extremely fragile. Data is every company’s most valuable asset – everything from intellectual property (IP) that gives a company an edge over its competitors to complex customer histories and financial records, and beyond. Keeping sensitive data safe from destruction and misuse is paramount to business success; failing to do so can be painful, and in some cases, deadly to that business.
IT pros are well aware of data’s weighted role in their companies; they know that losing data causes the need to brush up their resumes. Still, some people – myself included – suffer from a certain phobia surrounding data security, possibly because we’ve been so up close and personal with the fallout that occurs when data is mishandled. In the past, data security usually involved a combination of perimeter-based protection solutions, such as firewalls and malware or virus detection tools. Diving deeper into data governance often added complexity to IT environments, killing performance and resulting in nonactionable information Today, however, an uninformed approach to data governance and analysis can – and likely will – lead to serious security issues and long-term company viability.
“Close enough” isn’t how data security success is measured.
IT and security pros alike need to approach data with a drive to understand it before they create rules on how to manage it. The joke that one size fits no one applies in spades to data security. The consequences of a security breach are dire – IBM reports the average breach costs $4 million, and its effects go far beyond fines, lawsuits and lost revenue. A company’s reputation and long-term viability are constantly at stake when security issues are raised. And yet, if organizations lack visibility into the location, activity and access levels regarding their sensitive data, it’s essentially impossible to protect that information from a breach.
To truly understand and secure sensitive data, and uphold the integrity of an organization, IT and security teams should focus on understanding the five W’s about their data: who, what, where, when and why it’s being used. Consider how data can help answer critical questions, such as:
- Who has been accessing critical customer information? Is it someone outside of sales, or someone who will leave the company shortly?
- What sensitive information is lurking in our (structured and unstructured) data?
- Where are our data boarders, where we maintain data that is in scope for regulatory audits, and data we have decided can be out of scope?
- When was the last time someone actually used the quarterly budget spreadsheet we spent time making?
- Why are we still keeping nonessential records from 10 years ago – especially when they contain old customers’ contact info?
If these questions seem straightforward, it’s because they are – and yet, many organizations lack the tools to help them dig into unstructured data stores, especially when they’ve gone “dark” with inactivity or exist within a virtualized environment. Shining a light on this dark data gives those companies an active defense against security breaches that may occur in the future, or may have previously been launched but are still undetected. (After all, 93 percent of data breaches noted in the 2016 Verizon Data Breach Report involved unauthorized parties gaining access to sensitive data within minutes or less – but it can take companies months, or even longer, to discover that a breach has occurred.) When a company is prepared to answer the five W’s about its data, it’s more likely to meet industry-specific compliance regulations, deploy effective data governance programs, recover quickly from instances of ransomware, identify and confront suspicious user activity, and more productively manage virtualized data, in addition to securing sensitive information.
According to the Ponemon Institute, more than 75 percent of all data breaches are a result of employee mistakes or malicious behavior. Data security doesn’t stop at an organization’s perimeter – it needs to be a living entity that permeates operations, employee behavior and business priorities within every company. When security and IT teams work together to become data aware, they set themselves up to support their companies, colleagues and customers well into the future.
Sign up for the free insideBIGDATA newsletter.