Intelligent Tech Channels Issue 17 | Page 53

EXPERT SPEAK Two sides of unstructured data Risk and value are two sides of unstructured data, especially important in GDPR, explains Nigel Tozer at Commvault. I n life, we generally think we know the value and corresponding risks associated with things we own and take reasonable precaution to protect them. Unfortunately, we do not always get things right, which is much truer of data than it is with our possessions. It is entirely possible to let your kids play with something that looks like a piece of junk, or leave it in a poorly secured-out building, when in reality it is actually a valuable antique. This might not be a commo n occurrence in our lives, but with data you can be sure of a cast-iron guarantee that this is the case, and often at an unimaginable scale. I have seen many instances where companies have no clue where sensitive data is held, and are aware they do not know, yet take no action. I have also regularly seen the complete opposite, where a business is fully aware of how important a data set is, but it is not secured as it should be because it is always been done that way, or because an individual expects to work in a certain way. Unstructured data – files, media and documents – typically account for 70–80% of an organisation’s data, and just as I mentioned above, you do not always know its value. Or as we are looking at it here, the corresponding risk. The problems are numerous including: the sheer volume of unstructured data, ease of copying and moving it, the myriad locations in which it can be placed, the large number of applications that interact Nigel Tozer, Solutions Marketing Director for EMEA, Commvault. with it, poor controls due to the historical acceptance of not managing it in a better way, and lack of a mandate for IT to better manage it. All of these points combined add up to big risks and possibly even bigger costs. Under GDPR, retaining data forever is off the table, and so is a failure to understand uses and locations of unstructured data that contains personal information – which, let us face it, could be any of it. This is why it is important to look inside all of your unstructured data, even on laptops and in the cloud. So that once it is profiled it can be secured, retained for use, or disposed of appropriately. With ever-increasing data volumes, policy is necessary, education is great, but automation is critical. Having risk-based dashboards and implementing automated policies based on content means that if you are breached in systems deemed to be low risk, the actual risk of important data being compromised is minimised. If it is a more secure location that is affected, having sensitive data heat maps – plus a content index and search tools at hand – means you can then meet the seemingly impossible 72-hour breach notification period of GDPR. This is where solution platforms can really help, and it is one of the areas of GDPR and many other global data- breach laws that is almost impossible to protect against manually or by applying new working practices alone. One-off assessments are not suitable either. You really need on-demand dashboards, risk- based alerts and the ability to automate processes to be effective. When I mentioned the antique, I talked about value. But data breaches are really about risk. I did that on purpose. The point I am making is that risk and value are two sides of the same coin. If you understand your risk profile, you might just also be in better shape to effectively use or dispose of that data that has been sucking your resources for all these years.  53