Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementSecurity Education & Training

The Truth about Unstructured Data

By Deborah Kish
Top 3 Misconceptions About Data After Death - Security Magazine
July 29, 2019

The exponential growth rate of unstructured data is not a new phenomenon. While the hacking of a database to steal sensitive credit card or personally identifiable information is what dominates the headlines, the reality is that a large amount of an organization’s intellectual property and sensitive information is stored in documents.  But they are unsure of where it resides or how much of it they have.  And worse yet, it is accessed, shared, copied, and stored all in an unprotected state.

Managing and controlling unstructured data is by far one of the most challenging issues of data security for enterprises. All personally identifiable information and other sensitive information, corporate or otherwise, should be protected with encryption and persistent security policies so that only authorized users can access them.  In this article, I will discuss the key drivers behind the influx of unstructured data in enterprises, the risks associated with not properly managing and securing unstructured data, as well as best practices for document protection.

Unstructured data is not dark data (although it can be depending on your definition of dark data) or social media, but it is the collection and accumulation of documents (files), emails as a file in a folder, and file sharing that takes place every day in businesses around the world. It’s the on-going creation of everyday information pulled from structured databases and saved in a variety of formats from Microsoft Office files, PDF, and intellectual property such as CAD drawings – photos and graphics – created for internal use, drafted for external use, and/or published via social media and other channels, just to name a few categories.

According to Search Technologies, eighty percent of data is unstructured, yet the issue of securing unstructured data is still low on the security radar. Adding to the chaos of unstructured data are numerous challenges, including stricter regulatory requirements; protection of intellectual property (IP) and trade secrets; disparate security domains beyond traditional corporate WAN/LAN into cloud, mobile, and social computing; and preventing threats by insiders, both accidental and malicious.

Traditional security has focused on preventing a breach of the enterprise perimeter with layers of physical and electronic security, using a range of tools such as firewalls, filters, and anti-virus software to stop access. Once those measures fail or are subverted, intruders gain access to all the (figurative) candy in the candy store and potentially “crown jewels”.

The first attempts to deal with unstructured data came via Enterprise Digital Rights Management (ERDM) systems. Such dedicated systems typically didn’t work well with existing workflows, required training, needed staff time to manage, was often not realistically scoped and had unforeseen negative impacts on other IT functions. At the end of the business day, ERDM projects were often stranded at the security doorstep.

A better approach is to accept the free-wheeling chaos of unstructured data and adapt technologies that find it in the enterprise, classify and prioritize it, and protect it via encryption with policies on who can see or access the data.

The first step is discovery, using a scanning process to analyze file information across enterprise files, discovering unprotected files and looking for sensitive information. A scanning process can be instructed (on an automated basis) to review certain types of files, such as Microsoft Office (Word, Excel, Powerpoint), images, PDFs, CAD drawings, as well as the names and contents of files that match regular expressions or keywords. In addition, discovery can include analyzing unprotected data files along with files that have been encrypted by a protective process and “watermarked” with a digital rights management (DRM) token. Discovery of unstructured data is a constant process, analyzing data in motion between computers and networks, data at rest (storage), and data in use when a document is opened, with the potential for data to be shared, printed, copied, or saved in an alternative file type (i.e. word to pdf).

Securing unstructured data via encryption is a necessary and logical step, but encryption alone is not enough. A more robust approach adds a unique “tag” or embedded ID into the encryption process to the final protected file, providing the basis to track changes to and copies of files and provide user access policies through a centralized corporate file management process. The embedded tag can be used to restrict access to data in the encrypted file to a specific user or designated classes of users, as well as providing the ability to trace the creation and migration of data from one computer within the enterprise to anywhere else within or external to the enterprise, from endpoints to clouds and backup storage locations.

Unique tags can also be used within a centralized file management process to easily revoke access to all file derivatives and renamed copies wherever they reside within or even outside of the enterprise. Tags also provide the capacity to limit access to data regardless of location. As unstructured data is continuously on the move, it becomes one of the most at-risk assets in the organization.

KEYWORDS: cybersecurity data protection encryption loss prevention

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Deborah kish

Deborah Kish is Executive Vice President of Marketing and Research at Fasoo. She is responsible for leading Fasoo’s research and marketing strategies in the unstructured data security and privacy space.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data-center

    Strengthening the frontlines for unstructured data security: Protect it first

    See More
  • Turnstiles in train station

    Speed vs. security: The truth about weapons detection systems

    See More
  • Server with network data graphic overlay

    Are you in the dark about dark data?

    See More

Events

View AllSubmit An Event
  • November 17, 2025

    SECURITY 500 Conference

    This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing