When you begin your journey of getting your data security under control, the size of the challenge can feel daunting at first. Here’s our guide on how to bring your data security under control in 9 manageable steps.
Structured and Unstructured Data
While structured data is easier to understand and easier to manage, unstructured data can be a serious challenge to resolve. This process can be applied to bring both structured and unstructured data into a security control posture that meets the needs of almost any organisation.
1. Define a data protection policy
This should include what types of data your organisation holds, what classifications apply, how long you should retain each type and classification of data, and how you securely destroy data when it is no longer required.
2. Identify where your organisation’s data is stored
Data can be stored almost anywhere these days. Structured data in relational or document database management systems will be the easiest to uncover. Unstructured data will be much more difficult. Some places to start looking:
- File shares on your network
- Enterprise cloud storage such as OneDrive, SharePoint, Google Drive, Dropbox, etc.
- End-user devices
- Removable media
- Cloud blob storage such as AWS S3, Azure Blob storage, Google Cloud Storage, etc.
- Social media
- SaaS solutions
- SQL Server, MySQL, PostgreSQL, Elasticsearch, MongoDB databases, etc.
3. Analyse all the data you can find and delete anything that is not required
This includes deleting things your organisation should not have stored at all, things that were useful once and are no longer required, and anything you are legally no longer permitted to hold (personal data where the original use case has been fulfilled).
Organisations that have never implemented strong data retention controls will find that most of the data they store is stuff they don’t need anymore. In addition to putting you in a poor security posture, this also comes at a cost. While data storage is relatively cheap these days, storing terabytes of unnecessary data is still expensive and the cost goes beyond the raw storage of that data at source. It also contributes to increased backup charges, bandwidth charges (for shipping backups to a remote location), and longer restore times during a disaster recovery or business continuity event which can have knock-on impacts on the commercial side of the organisation.
4. Identify the types of data your organisation holds and define a model for how it should be stored
5. Move any data not in the ‘official’ data storage structure into the correct places
6. Define and automatically apply data classification by location
Anything stored in the correct place should automatically be classified.
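One way to apply steps 3, 5 and 6 to a file inventory, shown as an added example that is not part of the original guide. The policy table, paths, labels and retention periods are constructed assumptions; a real policy would come from step 1.

```python
import posixpath
from datetime import date, timedelta
from pathlib import PurePosixPath

# Constructed policy: official location -> (classification, retention in days).
POLICY = {
    "/shares/finance": ("confidential", 7 * 365),
    "/shares/hr": ("confidential", 3 * 365),
    "/shares/hr/personnel": ("restricted", 6 * 365),
    "/shares/public": ("public", 365),
}

def classify(path):
    """Return (classification, retention_days) for the most specific policy
    location containing path, or None if it lies outside the storage model."""
    # Collapse ".." first so "/shares/public/../finance/x" is judged as finance.
    p = PurePosixPath(posixpath.normpath(path))
    # Component-wise match: "/shares/hr-old" must not inherit "/shares/hr".
    matches = [loc for loc in POLICY if p.is_relative_to(loc)]
    if not matches:
        return None
    return POLICY[max(matches, key=lambda loc: len(PurePosixPath(loc).parts))]

def review(inventory, today):
    """Sort (path, last_modified) records into the actions from steps 3, 5 and 6."""
    report = {"classified": {}, "relocate": [], "delete_candidates": []}
    for path, modified in inventory:
        result = classify(path)
        if result is None:
            report["relocate"].append(path)  # step 5: not in an official location
            continue
        label, retention_days = result
        report["classified"][path] = label  # step 6: label follows location
        if today - modified > timedelta(days=retention_days):
            report["delete_candidates"].append(path)  # step 3: past retention
    return report

# Constructed inventory, as a discovery scan from step 2 might produce it.
INVENTORY = [
    ("/shares/finance/2015/invoices.xlsx", date(2015, 3, 1)),
    ("/shares/hr/personnel/contracts/a.pdf", date(2023, 1, 10)),
    ("/shares/hr-old/export.csv", date(2019, 6, 1)),
    ("/shares/public/../finance/budget.xlsx", date(2024, 2, 1)),
    ("/home/alice/Desktop/customers.csv", date(2022, 5, 5)),
]

if __name__ == "__main__":
    for action, items in review(INVENTORY, date(2024, 6, 1)).items():
        print(action, items)
```

Matching on path components rather than string prefixes is what keeps a look-alike folder such as `/shares/hr-old` from silently inheriting a classification it was never given.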