3 Signs That Prove You Are In The Data Sprawl Twilight Zone - Part 1
Demetrius M.
Business Continuity, Disaster Recovery | Cyber Resilience Leader | Senior Product Manager - Azure Storage | Go-To Market Strategist
There is a digital wasteland beyond that which is known to corporate security executives. It is a virtual dumping ground that spans on-premises data centers, public and private clouds, and even geographic boundaries. It is the middle ground between your applications and distributed storage repositories, made up of zeros and ones, and lies between IP networks uncoupled from data protection. This is more vast than an infinite amount of copy data hidden from IT’s security purview. It is an area which we call the Data Sprawl Twilight Zone.
If you are a security expert responsible for managing, securing, or protecting data across several data centers, multiple clouds, and many different applications, then gaining a full understanding of the Data Sprawl Twilight Zone will be beneficial for you.
The best way to move your organization out of the Data Sprawl Twilight Zone is with your data protection solution. Your data protection solution should not only protect your mission-critical data, but it should also provide discoverability, visibility, auditability, and compliance globally, regardless of where your data resides. It should take into account the tenets of data governance and apply them simply, through SLAs and policy-based automation. If your current data protection solution is devoid of these characteristics, then you should continue reading to gain further insight into transforming your current data management habits.
Imagine that it’s 4:30 pm on a Friday afternoon in a modern office complex, one that is still buzzing with chaotic chatter after a 70-hour sprint brought on by this week's security debacle. The fiasco not only surfaced the Pandora's box of disparate data that exists globally across the enterprise, but it also unearthed the Chief Information Security Officer’s (CISO’s) limited visibility into the kinds of data that exist deeper within the enterprise. It is the type of event that can easily derail an IT career from its climb up the corporate ladder.
If this sounds familiar or perhaps is a dormant fear awakened by this blog post, then engage further as I lay out 3 tell-tale signs that indicate you are in the Data Sprawl Twilight Zone.
Sign #1: You are Hoarding Data
On the reality television show Hoarders, random people struggle to let go of their attachments, whether those are different types of food, items collected from excessive shopping, or piles of snack wrappers and empty bottles. As eye-opening as an episode of that show is, today’s companies are struggling on a similar path by collecting huge volumes of data.
Most IT shops will continue to add more manual processes and dedicate more full-time employees to manage this excessive data growth, which only adds cost and complexity. If you have been instructed by your IT Manager not to delete certain types of business data or application files because that data has been haphazardly classified as “too important to lose”, then your organization may be headed toward the Data Sprawl Twilight Zone and guilty of hoarding data.
Holding on to your unstructured data without a sound data governance program is an invitation to greater security risks and excess liability.
If your organization has at least one retention policy or Service Level Agreement with the reminder “Do Not Delete” somewhere in the title, then consider your enterprise as hoarding data.
If, after reading this blog post, you feel your IT organization is hoarding data, then continue reading, as the first step is admitting that it is difficult to control one's “diagraphephobia”.
Actionable Nugget
Determine if your current data protection solution has the ability to unify and control your data with enhanced visibility and automation that can provide additional value to your organization and minimize risk and liability.
Sign #2: Your Storage is a Digital Wasteland
According to Lao Tzu, an ancient Chinese philosopher and writer, “to know that you do not know is the best. To think you know when you do not is a disease. Recognizing this disease as a disease is to be free of it.” What you may not know is that your current data management habits may be hindering your organization from being world-class because your storage hygiene is mediocre. It is so mediocre that it is reminiscent of a digital wasteland.
A digital wasteland is where unstructured data is left stagnant on-premises and across multiple clouds, and is ignored or forgotten. It is a dangerous place where data is left unprotected, permission levels are untracked, or users have excessive access to sensitive data.
There is so much chaos around your data storage that the security expert is unclear how to implement safety measures and the proper data access controls. The backup administrator is struggling to find critical data when needed because the business has no clue about which files or folders to protect, so they settle for protecting everything. Both of these situations hinder IT organizations from operating at a world-class level and add management complexity, since there are no data governance standards to guide them.
Sure, you know your data is being stored in the cloud or on tape or even replicated to another site, but during an insider threat or data breach, are you confident you can recover your data quickly?
If you do not have specific data governance standards that lay out how to best optimize and protect your data, then this may unveil many levels of data management complexity: the type of complexity caused by the disparate tools in your environment that are leading your IT organization down a path that mimics an episode of “Backup Things”. Your data protection solution should be simple to use, not complex. It should give you the confidence to know that your data is backed up, secure, and quickly recoverable regardless of the location.
The ultimate goal is to trek toward the nirvana of data protection that taps into your enterprise metadata to deliver global visibility and control of your data assets.
Actionable Nugget
Determine if your current data protection solution makes it easy to perform audits and has the ability to assist you with complying with regulatory requirements such as the GDPR, CCPA, HIPAA, or PCI DSS.
Sign #3: Privacy Concerns and Sensitive Data are Ignored
Let’s discuss the healthcare industry for a moment. All companies in the healthcare industry are responsible for improving the health of their patients and offering quality care, and, more specifically, their IT security departments are tasked with securing and protecting their patients’ sensitive data. This is all of the data that describes a patient's condition or insurance details, which could include dates of birth, social security numbers, or other personally identifiable information (PII). Each patient trusts the hospital or outpatient facility to protect that data and keep it safe from outside entities.
Within the IT department, security experts and IT administrators should partner together to make sure compliance regulations such as HIPAA or the HITECH Act are upheld.
In the event of a data breach, not only do you need to worry about returning your business to normal operations as quickly as possible, but you also need to be concerned about the financial damage. If sensitive patient data is encrypted by an attacker, then you may be facing HIPAA fines or even a tarnished reputation in the industry. According to HIPAA Journal, ransomware attacks increased by 195% in Q1 2019 alone. In 2018, ransomware attacks alone cost organizations $8 billion, and that cost is estimated to grow to $20 billion by 2021. This is a growing trend and concern that has been capsizing numerous companies within several industries.
As the CISO, you should have visibility into the kinds of data that exist deeper within your enterprise. It is imperative that you have a solution that automatically alerts your team of a missed backup or failure, with details on how to mitigate the risk before it impacts the business, and that empowers you with fast recovery of your most critical systems in case ransomware happens to encrypt your data.
Actionable Nugget
Determine if your current data protection solution can provide you faster data recovery in the event of an attack with immutable backups, detailed impact analysis, and fast restores.
The best decision that you can make as a security expert or backup administrator is to understand the intricacies of your current data management platform and whether it is capable of providing additional value for your organization beyond the normal mundane operations of traditional backup solutions.
Having the right data protection solution can save you after a ransomware attack or prevent you from failing an IT audit.
If you have identified or experienced one of the 3 signs, then there is still time to implement the right solution.
The Data Sprawl Twilight Zone is an unforgiving place where many companies are still clueless that their data management habits are holding them hostage. It is a risky and expensive place to be that limits visibility and control across your global landscape unless you begin to put a plan into action and start implementing world-class data governance practices.
Before you go, take some time to learn how Rubrik's Polaris SaaS platform can unify data for security, governance, and compliance within your environment.
- Watch this video featuring Matt Noe, Sr. Product Manager, explaining Rubrik Polaris Radar, which provides anomaly detection and remediation.
- Watch this video of David Terei, Lead Engineer, breaking down the Rubrik Polaris Architecture and Vision.
Stay tuned for part 2 of the Data Sprawl Twilight Zone as we dive into why you should care about data sprawl and gain a better understanding of your enterprise data.