David Gibson, director of strategy at Varonis takes us through his top-level predictions in the Data Governance field for 2012. From Big Data, Secure Collaboration, The Insider Threat and Data Automation Varonis has an opinion based on experience.
1) Secure Collaboration Goes Viral – Data will continue to grow at 50% year over year, digital collaboration will continue to be the core of every business process, and IT budgets will stay flat. Instead of losing complete control, 2012 will be the year data owners get involved – they will take back access control decisions from IT, and demand automation to analyze data, make better decisions, and eliminate costly, ineffective manual processes.
Data owners are the only ones who can gauge the sensitivity, importance, and organizational context of data. In 2012 data ownership will start to gain in organizational importance. Just as organizations demand automation to understand their sales trends, customer base, financial habits, and other critical processes, they will demand automation to understand their data—where it should reside, who should have access to it, and how it’s used.
• Organizations will realize that continuing on the current path will have devastating results for their businesses – doing nothing is not an option anymore
• Sound discipline will prevail—you can’t understand what you can’t measure
• Infrastructure needs to be refreshed periodically and convergence is the trend (small, distributed servers will consolidate into fewer, larger, centralized ones).
• Without intelligence, the wrong data may be moved, the wrong people will have access, and the opportunity to maximize their data will be lost.
There are a number of reasons driving organisations to find the owners of all this “stuff.” One is so they can clean it up and get the stale information deleted. If they don’t know who this “stuff” belongs to it’s just going to grow indefinitely and it’s dawning on them that they can’t afford it. That’s one driving cost.
The other is that they have this huge amount of data and no one knows who’s supposed to decide who gets access to it. The number of security groups in an organization is usually the same or more than the number of users in the organization, and they are all over the map in terms of what groups have access to what data. It’s like a bank which has just realised that it has all of these bank accounts but they don’t know who’s signing the ledger at the end of the month.
We regularly work with organizations with 10-100,000 plus shares for which they need to identify data owners. With one of these organizations we decided to do an experiment with 7,000 of their shares and they found they were only able to identify 22% of the owners with traditional methods. It’s a huge problem and the awareness of it is growing because many organizations have got a lot of data to secure, much of which is sensitive. The data is growing so quickly that in 2012 organisations are going to find it even harder to identify owners, and to make any data management and protection decisions without harnessing the power of metadata.
• New technologies that can identify data owners provide recommendations to data owners on where access can be safely removed, the ability to directly enact those changes on their environment, and intelligence about when those with approved access might be abusing it will become more important.
• Organizations will conclude that harnessing the power of Metadata is the key to making data management and protection decisions.
2) Big data analytics will expand its focus to the biggest data of all—unstructured information sitting on file servers, NAS devices, and in email systems.
Effective data governance requires harnessing the power of metadata through intelligent automation. It is not surprising that industry experts are now saying that the same kind of automation is necessary for more than good governance.
In order to harness the power of “Big Data,” you’ll need to analyze and look for patterns in how and when these massive amounts of data are used, who uses it, in what sequence, and what it contains in order to effectively run a data-driven organization. Widely known fact: the majority of big data in the enterprise is unstructured versus structured
• Unstructured data is growing 50% YY
• The asset class is appreciating in more than just size—unstructured data formats are now complete information products in and of themselves, conveying ideas, business plans, budgets, blueprints, process descriptions—they are the lifeblood of almost every business process.
• Organizational pressures (cost, compliance, risk, competition) will increase the importance of making decisions about data -- which data is relevant, to whom, which should be in the cloud, should be mined? These will be impossible without the right intelligence.
3) Organisations will start keeping track of their assets through automation and we will see some IT departments taking drastic measures, such as shutting down “at risk” servers or access to e-mail if the proper audit trails are not in place.
We are seeing more and more requests from corporate users who have hundreds or thousands of employees to deploy our technology to understand data usage, data ownership, permissions optimization, and to identify and contain their internal threats.
In a recent high profile case, one organization used our software to catch an infiltrator who was operating as a contractor within their firewall. This had enormous implications for the IT security of that organization. If they had not found the suspected hacker when they did who knows what damage could have been done. This individual is now out of their system— and in the justice system.
One of these organisations has recently enforced a policy of – no visible audit trail, no email! Their iron rule is - if the auditing is not available in their email system they aren’t allowed to use email. So, in other words, if the communications can’t be traced and audited then they may shut down the email server. Another big organisation has also recently said that Varonis’s auditing has become so important that they are adopting the same policy on their file systems. It hasn’t happened yet but 2012 may be the year servers get shut down and email withdrawn if the risk is unquantifiable. The same controls we require for financial assets are now becoming mandatory for digital assets. If you couldn’t audit your bank account, you’d want to freeze it until you could—it’s now the same with data.
• We will see some IT departments take drastic measures, such as shutting down unaudited, “at risk,” servers or access to e-mail if the proper audit trails are not in place
• Organisations will start keeping track of their assets through automation
• More than 95% of file access activity is not audited by IT – this is a profound operational failure and will begin to change in 2012.
• Organizations will start to close down the data employees have access to. Take any random employee and 50 percent of the data they have access to, s/he shouldn’t be able to access.
• Organizations will have to start answering the question: ‘Who is accessing the data?’ When someone deletes or downloads thousands of files, they must be aware of it.
• Since more than 50 percent of the data on file systems, NAS devices, SharePoint sites and emails systems don’t have an owner, in 2012 board-level executives are going to start asking IT why this situation is being tolerated – and they may not have an answer!
4) Internal threats will still be a major worry for corporates in 2012 despite the demise of Wiki Leaks
When it comes to data loss, threats from inside the organization have become as worrisome, if not more so, than those from outside. In many of the security breaches in 2011, employees or contractors were able to delete or download thousands of files without raising concerns because often no one was able to determine what sensitive data they had access to and secure it before information could be stolen, view an audit trail of what they actually did access after the fact, and certainly not hear any alarms go off while the breach was in progress, when access activity was unusual.
Much of the data accessed and leaked in recent breaches was composed of unstructured or semi-structured data – documents, spreadsheets, images, presentations, video and more – that resided on file shares accessible throughout organizations.
• Organizations which fail to protect sensitive data will incur serious regulatory and legal liabilities, along with revenue and market share declines
• 77% of organizations note that unstructured data management lacks automation – how can they then protect themselves from the insider threat?
• Access control, auditing, classification, ownership and authorization will all start to improve as organizations recognize the threat from inside
• Organisations will realize that the manual approaches to data management and protection that worked 10 years ago no longer work anymore