You Have Big Data, Or Perhaps Just Too Much Data?

Uploaded on 2016-09-21 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

There is more data available to organisations today than ever before. In 2015 alone, customers, employees, and other users created about 7.9 zettabytes of data globally, and that number is expected to reach 35 zettabytes in 2020.

The type of information that companies are collecting is also multiplying, from traditional sources such as customer mailing addresses and phone numbers to more advanced demographics, web histories, shopping preferences, and even biometric data.

Advances in technology, computer power, and analytics mean companies can collect and process data in almost real-time. This may lead executives to believe that the more data they have, the greater their advantage. However, collecting a virtually unlimited amount of data can create a serious threat for organizations, because the amount collected often outstrips the ability to protect it.

In fact, when CEB surveyed 54 information risk executives around the globe in 2015, more than three-quarters of them indicated it is harder, or significantly harder, to prevent data breaches than in the past.

If a company does have a data breach containing certain types of sensitive personal information, such as social security numbers or health records, it can trigger additional burdensome legal duties and invite increased regulatory scrutiny, not to mention potential reputational damage.

The simplest way to protect sensitive data is not to have it in the first place. But companies drawn in by big data's tantalizing promises often collect too much information in the hopes they will find the time and resources to analyze it later.

Worse, companies often keep data long after its usefulness has passed. Ultimately, there's a difference between big data and "lots of data," and organizations need to regularly evaluate how they use data and set clear guidelines for what they collect and store.

Assess the Value of Data You Collect

Assessing and evaluating the true value of data, and the potential risk of a breach, will help IT leaders set their data strategy and avoid collecting too much. But IT can't do it alone. Creating a sensible data management strategy requires input from stakeholders across the business.

CIOs and other IT leaders charged with managing and protecting data can get the conversation started by asking these six questions:

1. What is the business need for the information we collect? Too often, companies use a "collect now, analyze later" approach, thinking that more information is better. Instead, leaders should carefully consider how the information will help them achieve their corporate strategy and performance objectives.

2. Do we have the capabilities to use the data effectively? In addition to understanding the data's value, leaders need to evaluate whether their teams have the skills and capabilities needed to collect, manage, and analyze it. Analytic capabilities required to use and apply information in decision making are rare. Without a capable team of analysts and data experts ready to turn data into insight, it may sit untapped, or worse, be misused.

3. How would the public react to the information we collect and how we use it? Merely because companies can lawfully collect an enormous amount of customer and employee data doesn't mean they should. Leading companies are working to better understand how customers and employees feel about providing personal data. They weigh the data's potential value against the potential reputational harm from the public knowing the information is being collected, in order to decide whether to collect it.

4. What information do we need to protect, and at what level and at what cost? Keeping all company information secure is important, but certain types of information like credit card and social security numbers require heightened protection under specific privacy laws or regulations. Losing such sensitive information can turn a data breach into a full-blown privacy failure. Companies need to address and classify these types of information and understand the oversight and compliance costs to retain them.

5. How long should we keep sensitive data? As business changes, previously collected data can be forgotten. Leading companies incorporate the data they collect into their records management policies to ensure the data does not exist indefinitely. Establishing data's shelf life is a critical step in minimizing the risk of a costly data breach involving low-value data.

6. Who needs access to the information? Given the multitude of ways to use data, many employees will need access to collected data or to the results of its application. A comprehensive understanding of who will be working with the data can help prioritize risks and pinpoint potential breach points. When determining this, leaders should identify which functions will handle the data, how they will use it, and who might need continuous (as opposed to one-time) access. Take steps to ensure employees who don't need access to sensitive data don't have it.

Information drives many aspects of corporate performance. That said, failing to secure data, lingering reputational harm. IT professionals have had a role to play in helping their companies adequately assess and evaluate the true value of their data and the potential risk of a breach in order. The best way to do this is to set a successful data strategy and to avoid collecting too much information.

InformationWeek

 

« FBI: Don’t Pay Bitcoin Ransomware
Special Report: CEOs And IT Innovation (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

ITC Federal

ITC Federal

ITC Federal delivers IT cybersecurity assessment services to support agencies in meeting their security strategies and federal security compliance goals.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Quod Orbis

Quod Orbis

Quod Orbis are a fast-growing, innovative company providing market-leading expertise in cyber security and Continuous Controls Monitoring (CCM).

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.