Information Governance

File Shares and File Fumbles

How strategic file analysis can increase file security

How strategic file analysis can increase file security

Sony Pictures, JP Morgan, Target, Anthem, Ashley Madison… the list of debilitating cybersecurity breaches that have flooded the news over the last two years goes on and on. Yet with the business focus on data breaches coming from outside the firewall, organizations have quite successfully managed to bolt the front door, all while leaving the backdoor and windows to file shares wide open!

In short, there is a lot of focus on the external threats to business data, but not nearly enough focus on internal risks.

The Internal Threat

At a SINET conference two years ago, I heard a former CIA Director cite that while 98% of the security market is focused on protecting the firewall – that is, locking the front door – historically, 90% of the most harmful data breaches have been internal. Imagine that: only 2% of the market is focused on 90% of the problem! His prime example, of course? Who else but Mr. Edward Snowden. Few data breaches can compare to the havoc he single-handedly wreaked by just walking out with some of the most sensitive information the NSA was holding.

For 17 years, ZL has had a laser-focused mission of helping organizations protect, secure, and govern their most prized asset: unstructured information. While much of the focus has been on managing this data for the purposes of eDiscovery, compliance, records management, and archiving, ZL has also realized that the majority of the risk organizations face is due to the troves of data that was left unsecured, much of which shouldn’t have been retained in the first place. In particular, we saw one of our major enterprise customers go through one of the most publicized data breaches in history: a breach that could have been prevented if the organization had taken better routine care and security of files. Hence, the advent of ZL’s powerful file analysis platform.

The “Snowden risk” remains the number one challenge for the enterprise where unstructured data such as file shares continue to erupt in volume – completely unmanaged and ungoverned. For years, we have collectively highlighted the “eDiscovery review cost” and “storage savings” argument in an attempt to clean out our mountains of unmanaged data, but at the heart of this issue lies governance and security. Expenses for eDiscovery and storage do indeed pale in comparison to an internal data breach that has seen companies shave off billions of dollars in value within weeks. Ironically, many of these internal breaches are NOT intentional, but that fact holds little ground with regard to the implications of employees walking out with highly sensitive information assets – unintentional or not.

Managing the Unknown

Unstructured information – such as files, email, social media, instant messages – hold truly unique value as “human created” content, distinct from the structured data generated by machines. Nothing matters more to an organization than their human capital; the petabytes of unstructured data in file shares is a true manifestation of just that. While we have taken extensive measures to protect our CRM systems and other repositories of “sensitive information,” our most prized intellectual property is sitting in file shares unbeknownst to us. And it’s often unsecured for anyone to access and walk out with!

The ZL Unified Archive platform has helped hundreds of organization get a handle on managing information they are aware of but as big data – largely unstructured content -- continues to explode, the key challenge has become “we don’t know what we don’t know.” The result? Petabytes of “dark data” that holds as much risk as it does value: neither of which is adequately addressed.

After all, how can we put policies in place without visibility into the very data we want to govern?

Solving the Dark Data Problem

ZL strives to empower clients with the information they need to make the most effective business and governance decisions. Through File Analysis and Management, ZL has managed to shine a very bright light on the organization’s “dark data” to allow for:

  1. Securing of critical information assets
    1. Ensuring data is secured and accessible on a “need to know basis”
    2. Remediating user access to sensitive data that in fact they shouldn’t have access to
  2. Identifying critical data for the business
    1. Clearly identifying records that need to be secured and retained long-term
    2. Discovering litigation-sensitive data to ensure a comprehensive eDiscovery process
    3. Preserving relevant data for litigation and regulatory purposes to ensure defensibility
  3. Cleaning up the junk
    1. Identifying redundant, outdated, and trivial (ROT) information such as Grandma’s recipes and baby pictures
    2. Identifying high-risk data that is not required to be retained for business, legal, or regulatory purposes
    3. Defensibly disposing of content to minimize risk of internal data breaches, reducing downstream eDiscovery costs, and minimizing infrastructure expenditure

Data governance is the lynchpin to securing information assets and ensuring the organization leverages its data in the most optimal manner possible. With file analysis, ZL can offers a complete end-to-end solution for data governance, regardless of the type of data or its location. Most importantly, this brings hidden “dark data” to light, in support of all areas of governance: records management, eDiscovery, regulatory compliance and true data security.

At the end of the day, we cannot govern our data without complete visibility into it. After all, how can we slam door the backdoor and windows without knowing where they’re located? With file analysis, we can accomplish just that.

Farid has extensive experience working with Fortune 500 organizations in establishing and implementing governance strategies spanning across eDiscovery, Records Management, Regulatory Compliance, Data Analytics, and broader Enterprise Data Management initiatives. In particular, he has focused on working with regulated industries such as financial services, insurance, healthcare and pharmaceuticals to implement robust, long-term technologies to complement their overall governance strategy. Farid is a graduate of the The Wharton School at the University of Pennsylvania.