Understanding the real value of data assets through risk

Between all the new collection points we have between mobile and IoT technology, every business is now swimming in data. But the questions that every organisation needs to ask about their data are:

• Who owns the data? IT or the business?
• What do we use the data for?
• How do we value our data?

What we do know is that those businesses who embrace insights and derive the greatest value from their data will have a significant competitive advantage. Before they can do so, they need to understand how data contributes to outcomes such as:

• making better decisions
• evaluating risks
• selecting the ideal investments
• finding new customers
• building engaging experiences

Organisations can aggregate their data to create intrinsic value through new products and services e.g. financial services firms tracking market data to offer investment advice. Other businesses can create derivative value from data by combining previously unrelated low-value datasets to create new value from correlations. We’re also seeing an increasing number of businesses use algorithms, AI, and machine learning to uncover previously incomprehensible insights from huge datasets.

At the same time, GDPR and other similar regulations have been a reminder that data has huge value to the business when it comes to managing risks. Data breaches now have the ability to cripple organisations through massive costs from:

• remediation and investigation
• huge fines
• irreparable brand damage
• loss of shareholder value

Every business needs to remember that their sensitive data is potentially more valuable to cyber criminals in some cases. Financial gain is a powerful motivator, which is the reason why we’re seeing consistent growth in the rise of malicious data breaches and threats.

The challenge lies in valuing our data appropriately for creating value as we outlined above, but we also need to value our data in terms of the risk it exposes to our organisation. To achieve both of these valuations, we need to come up with answers to the first three questions I asked above. This is the process of data discovery and classification, and it’s an essential process for every organisation in today’s digital economy.

Often the discovery process for our data will see us mapping large amounts of data, only to realise that only a relative proportion of it is sensitive, and actually requires protection. Attempting to monitor all of our information leads to excessive costs and redundant security efforts, which is why classification always follows discovery.

Your definition for sensitive data will vary in terms of which datasets:

• are essential to your competitive advantage
• contain sensitive information about your customers
• need to be secured to comply with regulations

Once you understand exactly which of your datasets are sensitive, you can begin placing the right controls and security processes around them. While it’s tempting to make data available to every employee, contractor, or partner to help create new value in the business, business leaders need to understand there may be greater value in limiting their risk of a data breach.

About the author:

As the Regional Vice President for Asia Pacific and Japan at Imperva, Chris Wood partners with organisations to ensure their data is contained in completely secure cloud environments. His services determine the most effective security solution for his clients’ cloud, database, application and DevOps requirements.