Do you really know where all of your corporate data is? Is it safe? Many companies are operating under a false sense of security and have no idea where their data is at any point in time. Was it saved to a drive, portal, emailed, workstation etc.? Let’s be honest, you probably don’t know where it is. Let’s take a brief look at the possible places you may have corporate data.
We all know data exists on our file servers, and we have technology that will handle the backup and recovery of that data. These solutions are typically assumed to be working and are rarely tested on the recovery side. So you have a solution to protect the data, but you don’t go through the testing to know you can recover. Big mistake…
You may have decided to leverage the cloud to back up your data using Amazon, Microsoft or one of the other cloud services. The same holds true for a cloud service as it does for local backup from a file server. It must be tested regularly. I suspect many of you are not testing the recovery. You think you are covered because you were sold on geographic redundancy for the cloud. Have you considered that along with that redundancy comes the possibility all you are doing is geographically replicating corrupt data? If you have a cloud only solution, back it up to another cloud service provider. It is affordable to do.
You have data on workstations and you may or may not have a plan to safeguard those assets. Are you running under the assumption that people will save critical data to your file servers or some other centralized system and then it will be backed up? The fact is, users have data stored all over the place. Where there is a will there is a way. When people want data they will find a way to obtain it and they will store it in a location that is the easiest for them. Face it, your data is exposed.
Continuing down the workstation trail, your user community wants easy access and portability to the data. They have your data on external hard drives, USB drives and a variety of unauthorized cloud services such as Dropbox, Box, OneDrive, Google Drive, etc. I’m sure we have all emailed the data to our personal accounts so that we could continuing working on it later. Corporate productivity may be high, but corporate risk is even higher. What is your plan for the backup and recovery of that data?
How many mobile devices do you use? Your cellphones, tablets, personal workstations, etc. may all have corporate data on them and I will venture a guess they are not under any corporate policy or control. We have not even started to dig into the numerous other systems you have to run your business. CRM systems, exports from other applications with corporate data, databases, etc. I’m simply pointing out where the data might be.
You can spend an enormous amount of money and time trying to lock down every possible place you have data, but know that there will always be a hole.
Here are 5 steps you can do now to stop spending so much money and reduce your risk
1. Your users and their productivity is king
Give them a way to have access to data without being subjected to a TSA screening. Cloud services like OneDrive for business allow for the data to be shared and for corporate controls to be applied. You can start down this path by doing a simple shadow IT assessment and get a handle on how the data is leaving your organization. Once you understand the data leakage you can to begin to control it.
2. You really need to understand what is possible with the solutions you already own and leverage them
As an example, many companies have moved to cloud based email solutions. Some of them have corporate controls that allow you to management the movement of your data within the email system.
3. Get a grasp on your recovery!
I’m glad you have a backup, but if you can’t recover from it you are dead in the water. Test your backups regularly! Many companies benefit greatly here by using a IT service provider or managed services to backup and test the recovery process. They are typically very good and almost always will free your people for other tasks while reducing your risk.
4. Use rights management solutions and control your data
With a properly designed rights management solution it really doesn’t matter where the data is because you are holding the keys in the event something or someone goes astray. The ability to restrict printing, copying, forwarding, etc. are all possible.
5. Policy creation and regular education are important to your data management strategy
You need to communicate your data access and acceptable use policy to staff regularly and reinforce the importance. This is also a great time to gather the needs from your user by listening to their questions and concerns and fine tuning technology and policy.
The choice is yours when it comes to knowing where your data is and safeguarding it. You can implement some of the strategies mentioned in this blog and begin to protect yourself from data loss. Peters & Associates, an IT Security Solutions provider, is helping our customers today with these business challenges. We would welcome a conversation to assist you.