One of the most important keys to achieving success in the cloud is understanding your data. How can you know what the cost will be and how will you protect it when 52 percent of data is dark? A full third of the remaining data is considered to be useless!
Successfully transitioning to cloud requires finding that dark data so you can incorporate it into you plans and get it back under control. You need to figure out which third of your data is useless so you don’t invest time, storage space, bandwidth, and money into migrating it. And you need to understand the remaining data so you can:
- Assess the level of protection it requires. There are costs associated with the implementing data protection. While all data should be secured, not all data requires the same high level of security. But unless you understand your data, you have no way to make decisions about the value of data and how much risk it is exposed to in the cloud. When you do understand data, you can determine where encryption is needed and what other controls are required to keep it secure.
- Ensure you meet data sovereignty mandates. Some countries require that data remain resident in the jurisdiction where it was created. If you don’t know where data came from, and where you’ll be storing it in the cloud, you can’t satisfy those requirements.
- Satisfy GDPR requirements. The upcoming General Data Protection Regulation (GDPR) mandates how you treat data about European Union citizens. In order to comply with those requirements, you need to be able to locate the information you have collected for a specific individual. That means more than doing a database query, because the regulation applies to unstructured data, such as emails and spreadsheets, as well as traditional formats.
- Recognize unauthorized use of data. You need to know how your data is normally used so you can recognize changes in access patterns that can indicate a threat. This requires understanding who owns the data and who has permission to view, modify, and share it. Once you have that understanding, you can make sure your identity and access management in the cloud provides the appropriate controls.
- Test your controls. After data is migrated to the cloud, your knowledge of the data that’s there and its importance can help guide your vulnerability testing and assessment of the results.
Understanding your data is easier if you have a solid data dictionary, but that won’t help you find dark data and won’t identify data in email and other unstructured formats. Surveying employees about their data use is likely to be seen as a distraction and result in incomplete results.
Instead, use a tool such as Data Insight from Veritas to automatically collect metadata and permissions and help you understand your data before you move it to the cloud. Contact dcVAST to learn more about how tools from Veritas can protect your data wherever it resides.