In her “Top Breaches of 2019”, a security journalist asked if last year would “…be the worst on record?” It looks like 2020 could surpass last year’s breaches, but it’s not entirely due to consequences of the global pandemic. For sure, unprecedented levels of remote working has emboldened hackers to exploit new vulnerabilities, but there’s one very insidious risk that shows up year after year: the silent and unwitting exposure of sensitive data that no one notices… until it’s too late.
Of the top data breaches, most involved server and database exposure, unfortunately too often uncovered by hackers who immediately placed sensitive data for sale on the dark web. It’s a lucrative market that thrives because hackers know that many organizations – especially those that operate in multicloud environments – still don’t know where all their sensitive data resides.
A clear view of data must come first in today’s hyper-remote world
While data breaches may be inevitable, data leaks are avoidable, and steps can be taken to prepare and strengthen an organizations’ security efforts. To “know your data,” means to have a good understanding of where sensitive data is located through data discovery and classification. Without this important foundation, organizations cannot know what to protect, where it is, who can access it, when it was created and so on.
The good news is that the data discovery process has significantly improved over time resulting in greater effectiveness and efficiency. This clarity creates the ability to close security gaps and protect sensitive data entrusted to organizations. And today, with 74 percent of companies planning to permanently shift to more remote work according to a recent Gartner CFO Survey, being able to discover, classify, and protect data will help prevent the kind of costly disruptions that overwhelmed businesses at the onset of the pandemic.
Classification leads to informed security decisions
When data is discovered, it can then be classified (identified and grouped), based on specific patterns and algorithms. This provides IT professionals with the ability to make more informed decisions about security, data sharing, data access, digital transformation, cloud migration and remediation prioritization. Data shouldn’t be treated as though it all has the same level of risk, and data should be classified according to its sensitivity level—high, medium, or low.
Risk analysis builds a strong security foundation and strengthens compliance
When data discovery and classification are followed by risk analysis, the most comprehensive and holistic security foundation is built on reality. Risk analysis helps IT teams understand the sensitivity of data and then rank its level of risk. These capabilities also help organizations enforce data sovereignty and meet data privacy and security regulations like the GDPR, the California Consumer Privacy Act, PCI DSS and HIPAA.
Data discovery is essential for risk identification, minimization, and mitigation, enabling you to do things like:
- Build a comprehensive, up-to-date data inventory.
- Analyze and classify data according to risk category to prevent security breaches.
- Utilize efficient scans to discover structured and unstructured data across an enterprise.
- Prioritize remediation using data encryption and tokenization products.
- Leverage discovery and classification tools that help compliance teams demonstrate fulfillment to auditors and regulators.
- Adhere to data security and privacy policies and regulations that if broken come with costly penalties.
Across organizations, data discovery can reduce vulnerability for data breaches and theft, expensive non-compliance fines, and other unnecessary expense and risk.