Best Practices for Protecting Sensitive Data Without Burning out the IT Staff

Manually managing and protecting unstructured data is guaranteed to exhaust and frustrate even the most seasoned IT pros. To begin with, there is simply too much of it. The data on shared file systems and SharePoint sites – things like spreadsheets, presentations, multimedia, etc. – accounts for about 80 percent of business data. This data grows at over 50 percent per year and, according to analysts such as Forrester, goes stale a few months after it was created. When you combine patterns like those with constantly changing user access requirements, manual processes simply won’t keep up.

The only viable approach is to apply automation and intelligent analysis from solutions that are tailored to address unstructured data governance.

Below are five ways organizations can reduce labor-intensive data management tasks while maximizing labor and cost savings.

Use automation to find data owners and give them control

Data owners are critical to the process of properly protecting and managing data and can help reduce IT workload. They understand what the data is, why it’s important, and how the data should be maintained and secured. The challenge is identifying and keeping track of data owners. Solutions such as Varonis DatAdvantage help determine data ownership by keeping a comprehensive audit trail of who is accessing the data. In just a few weeks, the top users of data emerge and are able to identify or claim ownership.

Once you have identified owners, simply providing them with information about their data will lighten IT workload. When owners see who has access to their sensitive data and who has been accessing it, they are motivated and equipped to help reduce access so that it is based on business needs. As owners participate in the process of protecting their data, they typically recognize the value of taking responsibility for their data, and are keen to help establish and enforce meaningful data protection policies.

Automate access control clean-up

Access to unstructured data tends to be too wide open in organizations. Varonis system engineers often find that data at customer sites is accessible by large numbers of people who do not have a justified business need. In general, this is because access permissions simply do not keep pace with business changes and data dynamics. Part of the reason is that file systems, operating systems and directory services all interoperate, but do not function as a unified system. Consequently, there’s no inherent way to ensure that permissions are consistently reviewed, assigned, changed or revoked.

Automating these steps – especially if data owners are involved – can help IT organizations ensure that data is protected and that the data protection workload is shared across the organization. Solutions such as Varonis DatAdvantage can identify overly accessible data and even point out those users and groups who should have their access to data revoked. Data owners simply need to review reports containing this information and confirm with IT that access should be revoked.

Automate manual data governance procedures

Once data owners have more control over their data, organizations can further extend labor and cost savings by automating data governance processes such as entitlement management and reviews (“attestations”). Using entitlement management workflow applications such as Varonis DataPrivilege, organizations can have data owners decide directly who gets access to their data and for how long. Doing that eliminates the time IT spends brokering and managing these requests. Furthermore, periodic data owner reviews can be scheduled and audited, enabling IT staff to ensure data is being protected without having to do much of the day-to-day administrative work.

Automate data audits to monitor ownership and content changes

No one appreciates unanticipated problems, or “fire drills.” Rather than waste time in a reactive mode when problems occur, it pays to continuously track data owners and content changes through comprehensive access auditing. Businesses that take the time to identify and assign data owners will find themselves well positioned when problems emerge, as they inevitably do. Organizations are also well served by undertaking projects to classify content. This helps identify the most sensitive data, remediate any problems and implement proper controls. By automating these tasks, and performing them regularly, organizations can identify and address problems before they occur.

Automate stale data identification

Though 70 percent of unstructured data goes stale after three months, the data remains the responsibility of the IT staff, and is part of their data management workload during such tasks as migrations, backups, etc. Organizations can reclaim wasted space and save the time of IT staff by automating the process of identifying this stale, unused data. The most direct way to do this is through comprehensive auditing of all data access by all users. When access to a data set tapers off and then stops completely, it’s time to archive or delete that data.

Conclusions

Unstructured data is simply too massive and dynamic to process and manage manually. But most organizations task their IT staff with doing exactly that. Worst of all, by not keeping pace with data growth and changes, the data itself becomes vulnerable. By following the best practices outlined above, organizations can reduce IT workload and increase data security.