Varonis warns the dangers of bad data management

Wednesday, 16 June 2021 13:04

By Varonis

GUEST OPINION: Varonis’ research found that on average, 53% of organisations hold stale data, 87% of companies possess more than 1,000 stale files, and 71% has more than 5,000. Such mismanagement may lead to breach of the law.

Before digital data existed, bad data management involved filing cabinets everywhere, stuffed to the brim, with piles of paper and folders strewn around the room. Nobody knew how to sort it out. In some cases, people did not even know where filing cabinet keys were kept.

However, all data in digital format does not, in itself, prevent a similar state of chaos developing; it just makes it harder to see.

Whereas hard copy data might be strewn in office and off-site archival storage, digital data can be spread between on-premises data centres and cloud services and even on individual’s devices.

The availability of storage-on-demand in the cloud has only encouraged bad data management policies, according to Varonis. No longer does physical storage capacity have to be bought, installed, and brought into service. It can simply be called up as needed, and made available to anyone, anywhere, any time.

Research conducted by Varonis found, on average, 53% of data held by organisations is stale, 87% of companies have more than 1,000 stale files, and 71% more than 5,000.

Such a disorganised approach to data management creates inefficiency, expenses, and risk. An organisation cannot protect what it cannot identify—and the consequences of data loss now extend beyond business impact: they could put a company in breach of the law.

Under Australia’s Notifiable Data Breach Scheme, any Australian company that loses personal data must notify the government and the affected individuals: a tough task if the business does not know what data it holds and where it is located.

Varonis warns that for Australian branches of European-headquartered companies, the consequences are more severe. Under the European General Data Protection Regulation (GDPR), any business that holds personal data must be able to give an individual access to their information, and remove that information if requested, or face heavy fines. This becomes an impossible task if the organisation has lost track of the data and all the locations it may be present in.

Research firm Gartner refers to improperly tracked and managed data as “dark data”—and the value of this dark data could be in the eye of the beholder. Data that has no value anymore to an organisation could be of considerable use to a company insider or an external attacker seeking personal, political, or monetary gain: for example, sensitive information about former or current employees.

It is incumbent on every organisation to either bring this dark data into the light or destroy it—and enforce the steps needed:

1. Remove or archive data that that is no longer of any value.
2. Monitor access to all data for signs of unauthorised access.
3. Limit access to data with a policy of ‘least privilege’
4. Take a hard look at the regulated, out-of-policy data lurking within files and remove or archive accordingly.
5. Do not assume data is safe in the cloud: it should be subject to the same monitoring and control as on-premises data.
6. Embrace and implement privacy by design (PbD).

Varonis stresses that if companies can’t see their data, they won’t know it has been compromised until it is used against them. Varonis recommends that the starting point is to have full visibility of everything on their corporate network.

The next step is to implement robust data access and data protection policies. Varonis says companies must use complex passwords that must be changed frequently and use two factor authentications.

Varonis found 38% of users had passwords that never expire. These give criminals an opportunity to crack passwords through brute force techniques or give them indefinite access if they obtain access credentials from a breach.

Varonis concludes that companies must know where their data is stored and protect it with strong password hygiene and data classification policies to benefit them in the long run.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

Varonis warns the dangers of bad data management