One of my readers sent in this picture from one of their offices. They are moving locations, so all of the file cabinets need to be indentified with clear owners. Take a look:
The pink labels (on every file cabinet) say “unidentified cabinet” – meaning the cabinet has no clear owner and the contents are unknown.
The contents of the cabinet could be important. or it might be outdated material that is just wasting space and should be disposed of. No one knows because the owner of the information isn’t known and the contents aren’t labeled.
We’re building electronic versions of this same mess in our data centers.
While we might have a fairly good handle on structured data in databases, we don’t have this same knowledge about what’s in our file shares and in our collaboration systems (like SharePoint).
Unstructured data is a blind spot.
Your first reaction might be “Doesn’t a file share show the “owner”?” Technically, yes, but in reality most of these are stamped with the administrator’s id, not the actual owner of the file. That’s like saying the facilities administrator has responsibility for all of these file cabinets.
How do we get visibility into the true owners of data and information? A couple of solutions are available to provide us this intelligence. Varonis has had this capability for a while across file shares and SharePoint. Imperva just released its technology for monitoring fileshares with SharePoint on the roadmap. Symantec released an interesting technology called Data Insight to help tackle the same problem.
As information security moves up the stack to protect applications and information, we’ve got to get a better handle on where sensitive information resides throughout its entire lifecycle – Data Lifecycle Protection.
Data (lifecycle) protection is the process of identifying and understanding where and how sensitive information is created, consumed, processed, moved, shared, stored and retired and protecting it throughout this lifecycle.
Without this, we end up looking a lot like the picture above – information filed away with no clear owner and no clear purpose.
Information is like inventory – if it just sits there, it’s a waste of resources.