The COVID-19 quarantines motivated many organizations to shift to cloud computing.
While many execute haphazard transitions, why miss an opportunity to improve? Data generally increases in importance, but the specific data we keep can be as worthless as year-old spam emails, and as critical as the passwords for our bank accounts.
Is our cloud transition moving critical organization data, or is it simply copying terabytes of junk that no one needs? Before making the move, consider these three costs hidden in the unmanaged data.
1. Unknown Data Exposure
We often designate folders on shared servers to store our critical data.
However, during data breaches, organizations often discover costly surprises of critical data that wanders into the wrong places.
For example, a municipality might discover consumer credit card numbers in a hidden excel column of an accounting report– after it is posted on a ransomware attacker’s website. Instantly, an innocent oversight becomes a PCI violation that generates significant costs beyond the expense of the attack.
Law firms don’t regularly worry about HIPAA, but what if a senior attorney downloads patient health records related to a malpractice suit onto a USB drive – and then drops it in a taxi? The firm and the attorney could find themselves with many new and costly troubles from potential HIPAA violations.
Many data regulations require us to specify and secure critical data, but users often fail to follow policy and procedure when it becomes inconvenient. Fortunately, organizations are not helpless.
First, endpoints can be managed and monitored for data copied outside of the network to USB drives or to shared file services such as Dropbox, Google Drive, etc. Monitoring data migration also helps provide early warnings for non-employee data copying, such as when attackers exfiltrate data prior to a ransomware attack.
Second, there are data classification tools and methods that enable search for numerical patterns (social security numbers, credit card numbers, etc.). Commercial data classification tools can also scan for proprietary information throughout the organization’s data to locate critical corporate information.
However, organizations seeking tight control may need to conduct user interviews. Software packages searching the company resources cannot reach or reveal the ubiquitous USB drive or the common web file services that may have been used prior to user monitoring.
2. Hidden Liabilities in Stale, Unmanaged Data
The low cost of data storage means that many organizations never throw data away. Companies now store terabytes of information, and much of it is neither used nor examined.
In addition to the costs of storage, this data can also contain liabilities for the organization, ranging from the embarrassing to the criminal. For example, in only 1.7 GB of data seized from 150 senior managers of Enron investigators found not only illegal activity, but also evidence of sexual harassment, extramarital affairs, and a huge amount of data containing personal information such as personal bank statements, medical test results, and even pay stubs.
Although most organizations do not conduct illegal activities, holding evidence of an employee’s bad actions or retaining unneeded personal information is an unnecessary legal liability. While some legacy data must be retained by regulation, or to support the business, many attorneys recommend maintaining the minimum amount of data wherever possible.
3. The Data Iceberg for the Litigation Budget
The third hidden cost is simultaneously more boring and more costly, simply because it is the most common.
While many companies keep stale data, most do not suffer data breaches or have their hidden liabilities revealed. However, every reasonably large organization can expect to be periodically involved in litigation.
Data requests from opposing parties can require the delivery of all of the data for a set of employees or departments, and decades of junk data will explode legal costs when it costs ~$18,000 per gigabyte to process, search, host, and review the data for the case.
We can implement policies and software settings to delete unneeded information automatically. Some companies, such as Toyota, set up their email to be automatically deleted after 60-90 days.
While employees can still save emails to a file server, the automatic deletion policy eliminates future issues.
Ready with a Helping Hand?
Only you can define the critical data for your organization and who should have access.
Unmanaged data can be costly, and it can also impact your entire company. When you’re ready to migrate that data to the cloud, be analyzed for use, or be monitored for access, Ideal Integrations and Blue Bastion can provide the necessary support.
Do you want to lock down your USB ports on company workstations or monitor data transfers through the internet? Our experienced engineers can implement local device controls and monitor the data flow.
Interested in automatic deletion of older unmanaged data? We can discuss your options and help execute your plans that can save money and save the organization from future headaches.
Regardless of your specific problem, consider checking with Ideal Integrations or Blue Bastion to find out what types of solutions we might offer to help your organization clean up their data and stay safe, 24/7/365.
Call us today at 412-349-6680 or fill out the form below!