Because I am both a cheapskate and own some screwdrivers, I’ve repaired my share of major appliances. Not long ago, in the midst of a more-urgent-than-usual repair, I needed a part. Abandoning Amazon in favor of more immediate satisfaction from a local appliance parts shop, I made my way to a strip-mall storefront not far from my house.
If unstructured data could be photographed, it would look like that shop: parts for every type of appliance haphazardly piled across shelves extending deep into the back recesses of the building, and not a part number label or barcode reader in sight. The old hand at the counter asked what I needed, disappeared into the back for a minute or two, and emerged with a shiny new match for the broken part I held in my hand.
If only unstructured data discovery were that easy. For IT teams grappling with privacy mandates, data discovery is a real problem – for both unstructured and structured data. Regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) outline expectations for handling personally identifiable information (PII). Compliance and data protection are the goals, but the tactics you’ll use for millions of end-user files versus the millions of records in your databases are quite different.
PII protection starts with PII discovery. For databases, discovery might be a one-time task to locate PII across an organization’s collection of structured data. For unstructured data, discovery is an ongoing process. Either way, discovery is a step that can’t be skipped.
It’s easy to understand why it’s hard to find PII in unstructured data. A typical organization manages more than 10M files containing everything from marketing information to customer contracts to company picnic invitations. Discovering PII in unstructured files remains one of the toughest data security challenges out there.
It’s harder to understand why structured data discovery can be tough. Structured data should provide an easy map to PII, but database designs often predate modern privacy regulations and, as a result, few databases were designed with privacy in mind. Sensitive information is often scattered across different databases, in different tables and in different fields. Sometimes PII is duplicated across tables or databases. Finding it all can be tougher than you might think.
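To illustrate the structured-data problem described above, here is an added example (not from the original article) that finds PII by sampling column values, not by trusting column names, and then reports values duplicated across tables. The schema, table names, sample rows, patterns and threshold are all constructed assumptions.

```python
import re
import sqlite3
from collections import defaultdict

# Constructed value patterns (assumption); a real program would tune and extend these.
PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "us_ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}

def discover_pii(conn, sample=100, threshold=0.5):
    """Return {(table, column): pii_type}, judged from sampled values only."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for col in [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]:
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?',
                (sample,)).fetchall()
            values = [str(r[0]) for r in rows]
            for kind, rx in PATTERNS.items():
                # Flag the column when most sampled values look like this PII type.
                if values and sum(bool(rx.match(v)) for v in values) / len(values) >= threshold:
                    findings[(table, col)] = kind
    return findings

def duplicated_pii(conn, findings):
    """Map each PII value stored in more than one column to its locations."""
    seen = defaultdict(set)
    for (table, col), kind in findings.items():
        query = f'SELECT DISTINCT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL'
        for (value,) in conn.execute(query):
            if PATTERNS[kind].match(str(value)):
                seen[(kind, str(value))].add((table, col))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def build_sample_db():
    """Constructed in-memory database; column names deliberately do not say 'email' or 'ssn'."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, contact TEXT, tax_ref TEXT);
        CREATE TABLE orders (id INTEGER, notify TEXT, total REAL);
        CREATE TABLE products (sku TEXT, title TEXT);
        INSERT INTO customers VALUES (1,'ana@example.com','123-45-6789'),(2,'bo@example.com','987-65-4321');
        INSERT INTO orders VALUES (10,'ana@example.com',19.5),(11,'cy@example.org',5.0);
        INSERT INTO products VALUES ('A1','Drum belt'),('B2','Door gasket');
    """)
    return conn
```

Sampling keeps the scan cheap on large tables, while the duplicate report points to copies of the same value that need the same protection in every location.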
In both cases, automated PII discovery can help IT professionals make sure they’ve found the PII data they need to protect. In the unstructured data world, rules and end-user classification programs have long been used in an attempt to identify PII – but they haven’t been effective or manageable. Recent artificial intelligence innovations show promise in automating the data-discovery task for both types of data.
Understanding what’s at risk starts with a clear and complete assessment of who can access PII. Again, the differences are stark when assessing risk in structured and unstructured data. Here are some things to keep in mind when evaluating the “who and how” of PII access in a structured database.
Assessing unstructured data for risk is far more difficult. Fortunately, if you’ve successfully discovered which documents contain PII, risk assessment is more manageable. Once you know where PII is, you’ll want to look for the following indicators of risk:
This can be a daunting task. Again, recent innovations in AI can lend a huge helping hand to your team as they establish access control for your end users’ files.
As with the tasks of discovery and assessment, tactics for protecting structured and unstructured data are quite different. Here’s some advice for structured data risk mitigation:
And on the unstructured side of things, there are emerging tactics to consider as well:
Compliance is a complex topic, and this article just scratches the surface of what you’ll need for your particular data and regulatory environment. Having a clear understanding of how to discover, assess and protect structured and unstructured data, and their differences, gives you the foundation you need for an effective and manageable program to protect the PII you manage.