Unstructured data management: plan for security and governance
One-size-fits-all management doesn’t work for unstructured data. Follow this advice to create a cost-effective security and governance program.
Storage engineers and IT infrastructure managers are doing more than ever before. In addition to managing the performance of on-premises, cloud storage, and backup technologies, you also need to manage the data within these systems. Data needs to be accessible to users, fast to access, and able to be moved to colder tiers or archives (to control costs) after active use ends. However, data protection requirements continue to expand due to ongoing ransomware threats, sophisticated cyberterrorism and cybercriminal organizations, and an increase in natural disasters. Last year’s AI innovations, especially those by ChatGPT and its many competitors, have also introduced new threats and risks to enterprise data.
Storage is just one area of cybersecurity, but protecting the source of your data is certainly important. Unstructured data accounts for at least 80% of all data created and stored today, but its size is making it difficult to protect with traditional backup and storage methods. . Most companies manage petabytes of data. Backup software typically creates three copies of data and therefore represents a large portion of IT spending (typically at least 30% of the IT budget). Disaster recovery and ransomware threats are increasing costs as additional offline copies may be required to protect against these threats. The cost of traditional backups is prohibitive, so organizations need affordable data protection for non-critical data.
Interest in compliance is also increasing. In his 2023 study from IDCs, “What Executives Need to Know About Unstructured Data,” 46% of respondents said compliance with regulations, including data privacy in all regulatory jurisdictions, is a top priority for their organization. says that it is an issue. More than half (51%) reported not complying with data regulations in the past 12 months, with an average total cost of $1.03 million.
IT and business executives responding to the Komprise 2023 State of Unstructured Data Management survey identified the following top-priority capabilities:
- Monitoring and alerting for anomalous storage system activity
- Policy-based automation, such as copying file data to low-cost object storage to protect against ransomware or moving data to cold storage or confinement for deletion
- Data protection and compliance/litigation hold identified as top two new use cases for unstructured data management
Create a security and governance program
One-size-fits-all controls for unstructured data no longer work. The following tactics can help IT departments create cost-effective security and governance programs.
Get to know your data. It may sound obvious, but you need a comprehensive understanding of all the data in your storage. Visibility gaps, hidden applications, and confusing data silos within branch offices all increase risk when data is not properly managed. Consider that your protected data can end up in places it shouldn’t be, such as forgotten or underutilized file servers or shadow IT cloud services. Employees unknowingly copy sensitive data to non-compliant locations more often than you think. You need a way to see all the data in your storage and search through it to find files to segment for your security and compliance needs.
You can use the data management capabilities of your NAS/SAN/cloud storage product to search for file types such as HR data or IP data, but if you use a multi-vendor solution, you need visibility across all storage vendors and clouds. We need to integrate gender. . Knowing how much data is cold, what data is stale, and what data needs to be deleted is equally important to eliminate unwarranted exposure and risk.
Work with security and business leaders to set cold data thresholds. IT infrastructure teams must collaborate with security and network teams to procure, install, and manage new storage and data management technologies, but they require a more formal process centered around the data itself. This may involve stakeholders such as legal, compliance, risk management, finance, and IT directors from key business units. The goal is to create requirements and guidelines for data management security and governance to strengthen those already in place.
Cross-functional teams can also create policies for data tiering and archiving. This reduces the footprint of data residing in primary storage where a 3x backup copy standard is introduced. 60-80% of the data in storage is rarely used and can be moved to cheaper storage, such as object storage in the cloud. Cold data backups may not be necessary because the data is stored in resilient and immutable storage. Tiering data older than one year is a reasonable goal, but these policies vary depending on the type of data and the department that owns the data.
