Data is crucial to an organization’s success. But the more information an organization manages, the more risk it carries. An organization may hoard corporate data assuming that it’s better to keep it for litigation purposes or that it’s cheaper and easier to store it than destroy it. More than often, though, this is not the case.
Most corporate data outlives its use very quickly. Only a few industries need to retain data indefinitely. Once data is no longer deemed valuable, it becomes a liability, one that could expose an organization to extreme risks.
Digital transformation is taking hold. According to New Vantage’s 2019 Big Data and AI Executive Survey, 91.6 percent of organizations are investing in big data and AI. Businesses today not only have tape backups and hard drives to contend with, but they also have mobile devices, memory cards and now, more than ever, virtual environments. Today we are producing more big data than ever before and at an increasingly fast volume. No matter what data a company produces, managing data through its entire lifecycle is vital to ensure an organization’s security and compliance.
The dangers of data
Whether it’s customer, employee or corporate data, the more data an organization manages, the more risk it carries. The last few years have seen a substantial increase in cyber-attacks, with the main purpose to steal corporate data and set a ransom for its “safe” return. In fact, the a report by McAfee states that in the first quarter of 2019, ransomware attacks grew by 118 percent. And not only was there a significant rise in the number of attacks, but there were also several new ransomware families appearing – showing that cybercriminals are using more innovative techniques to cause chaos.
Organizations should consider not only the risks of data exposure but also the cost of protecting the data in the first place. The more data you have on servers, backup tapes, and mobile devices, the more investment you need to make to ensure it’s secure. Cybersecurity needs to be a top priority for businesses of any size to protect itself again the ever-evolving threat network. According to ISACA’s State of Enterprise Risk Management 2020 study, 53 percent of respondents stated that they had seen increased risk to their organization over the last 12 months. Additionally, 29 percent claimed cybersecurity is the most critical risk category facing enterprises today, and 33 percent believe that information/cybersecurity risk will be the most crucial category of risk facing their organization in the next 18-24 months.
An organization should not only be wary of the cost of cybersecurity and the potential risk of data breaches. There are also less measurable elements an organization should consider. These include the cost of procuring and maintaining data storage and backup equipment; the cost of preserving personnel processes and software to manage data storage, backup and archiving; and the time and resources of workers who have to sift through unnecessary data to find relevant information.
Lifecycle data management
To effectively mitigate the risk of data exposure and avoid the costs of storing and handling unnecessary information, an organization should implement an end-to-end process for managing its information from creation to disposal. Data lifecycle management comprises of a strategy, process and technology to effectively manage information, improving the control over an organization’s critical data.
A lifecycle management program can benefit an organization by reducing risk, improving service and saving on costs. Typically, the data lifecycle includes six phases:
- Create – Data creation occurs throughout organizations. It can take place on-premise either in your data center or on employees’ devices or externally in the cloud. Protecting your data during this phase will include access controls such as passwords, threat scanning for viruses, and data classification that will specify the data type, its location, how it should be protected, and who has access to it.
- Store – Once data has been created, it is typically stored on a computer hard drive or in a datacenter. Storage also involves near-term backups that must also remain protected. Storage protections include access control around who can read and overwrite the data, device control such as data encryption, backups to protect from data loss, plus security measures to protect the backups themselves.
- Use – During the ‘use’ phase, data is accessed, viewed or processed. Protections during data usage include access control, encryption, data rights management for copyrighted information and data loss prevention, which involves software and business rules to prevent unauthorized access to sensitive information.
- Share – Data is often shared amongst internal employees and to corporate partners outside of the organization. Data sharing can occur through the network, via removable media, or across the internet via transfer sites or email. Data sharing safeguards involve access control, encryption, network security (firewalls/intrusion detection) and data loss prevention. When organizations are dealing with third-party vendors, they should have clear measures in place for data removal and verification after services have ceased.
- Archive – For short-term data protection, all data must be backed-up regularly, either onsite or offsite. When an organization needs to retain data for the long term, it can be archived to tape or disk media and placed in remote, secure locations.
- Destroy – When an organization’s data reaches the end of its life, it must be permanently erased. Determining which data is erased, how it’s erased and how that erasure is verified depends on several factors, such as content type, usage needs and regulatory requirements.
Lifecycle management in your organization
Without a data lifecycle strategy in place, an organization is leaving itself exposed to serious security risks and costs. Lifecycle management shouldn’t be the responsibility of just one department though; there needs to be a collaborative approach that involves all the stakeholders of the business.
Today, the cost of ineffectively safeguarding data comes with too high a price. Data breaches, damaged reputation, lost customers, downtime, and large fines are all potential risks for an organization that doesn’t effectively manage its data’s lifecycle. Those organizations that take the time to invest the necessary efforts and resources in data lifecycle management can minimize the risks and costs of their business-critical data at all stages.
Philip Bridge, President, Ontrack