Data theft is the weakest link in the cyber attack kill chain. That’s why information security is so critical, said Joe Shepley at our Houston Breakfast with the Experts this past June.
Everteam, Doculabs, and InfoDNA hosted an informal breakfast chat in Houston to discuss the challenges of information management, especially those that drive security loopholes and threaten to take down even the largest of enterprises. The discussion was so good that we thought we’d give you a summary and share the slides our experts presented (view those below).
Data Theft: Not a Matter of If, But When
Sometimes we bury our heads in the sand and say it will never happen to us. Then we hear about big companies like Target and Sony, and suddenly it’s clear – if it can happen to a company of that size, then it can happen to anyone.
At some point, someone is going to try to get at your data and if you aren’t prepared for it, well, let’s just say we wouldn’t want to be in your shoes. Joe introduced the kill chain to explain how it works.
So what do you do to avoid that weakest link? Joe offered a framework for you to follow. It looks like this:
- Policy Alignment: Every organization will do this differently, but you need to align your corporate policies with good practices for information management. For example, how do you deal with records management (both paper and digital), security classifications and orphaned or abandoned data?
- Procedure Alignment: Align your procedures with your policies. Here you will need to provide detailed step-by-step guidance for how to dispose of data. Joe said you need to go very granular with linked procedures for file analytics, disposition, testing, remediation and application decommissioning to guide your tech resources.
- Defensible Content and Disposition Playbook: The primary concern is usually to get it right technically, but often the legal risks are more critical and can be much more damaging. Your playbook will memorialize the requirements of disposition and the results. It’s this playbook that will defend you in court and before regulators for years.
- Content Cleanup: Content cleanup can be standalone or part of a migration plan, and you will need the right tools. Joe’s research has shown that:
  - 30-70% of most organizations’ content is junk and should be removed immediately.
  - 20-40% is stale and should be purged or archived (especially if it’s older than three years).
  - 1-10 TB of stale sensitive content can be immediately quarantined with no operational impact. The idea here is to reduce the overall size of your unstructured data footprint by 30-90%.
- Change Management: There are three things you need to define here: your Stakeholder Matrix (who needs to know what’s going on); your Communication and Training Matrix (what you need to communicate and train people for, and when and how you will do it); and finally, a communications and training schedule.
Overall, Joe told us that the goal is to raise awareness in InfoSec about enterprise information management and articulate some quick wins that will reduce the content you don’t need and identify and protect the sensitive content. It’s about reducing your risk footprint and showing progress.
The State of Enterprise Information Management and What Got Us Here
Gungor Aydogmus, CEO of InfoDNA Solutions, took us on a tour of the state of enterprise information management, and it’s kind of scary. He said that typically 40% of content is duplicated, that many companies have multiple taxonomies and a lack of standards, and most have multiple ECM repositories, as well as multiple records management and compliance systems.
Gungor pointed out that there are volumes of unmanaged files located on shared drives leading to high compliance risks and limited user acceptance to follow any rules or guidelines. It doesn’t help that the ownership of Site and File Share Management tasks often exists as a hybrid between the business and IT.
Why are so many companies in this situation? Lots of reasons, take your pick:
- Wrong information structure framework
- Incorrect file plan and enterprise taxonomy
- Premature adoption of technology
- Inadequate integration between key systems
- Unclear understanding of the implications of middleware technology
- Poor design, poor architecture, and engineering
This list seems like it could go on forever.
But just because it’s a mess now, doesn’t mean it has to remain that way. Gungor went through a great customer story where a similar situation existed and how they helped the company through it. Check out the slides to get the details on that.
To get you started, Gungor offered a series of steps:
- Assess your current environment. Examine your information structure framework and existing content landscape. You need to know the situation today.
- Normalize your enterprise data dictionary and create master data services with change control.
- Define governance policies by business functions.
- Align your business processes with your information lifecycle.
This is no trivial task, but the effort will yield enormous results for your company.
Check out the slides below from Joe and Gungor’s presentations. Stay tuned as we are planning more Breakfast with the Experts events in the coming months! Sign up for our newsletter in the sidebar to ensure you don’t miss the invite!