Ensure the right data is stored in the right service?
More and more organizations are moving to a service delivery model, re-positioning file storage as a service designed to fulfill continuously evolving business needs and make use of emerging technologies. This can lead to a series of new challenges for the data protection function.
When client data is stored in a cloud service the role of data controller and data processor become unclear. Shifting data protection obligations between customer, service provider and possible subcontractors blurs lines of responsibilty, leading to the risk of miss-managed vulnerabilities.
Collaboration platforms, both on-premise and cloud-based, are prone to data-loss vulnerabilities – by their very nature. Access rights, data categorization, ownership and location must be continuously maintained.
Providing the relevant levels of security for business records, client data, employee personal data, working files, etc. across a diverse and shifting set of infrastructures requires that the data protection function understands how the business is using the file services offered; what are users storing and where they are storing it.
Northern’s Information Governance and Compliance solution area provides both summary-level and detailed insight into the nature of the unstructured data footprint. Categorization of files can be performed both programmatically, using meta-data filtering or text-mining, and manually by data owners. File location, by service type, offers an immediate analysis of potential risk and allows for accurate and targeted actions to be carried out.
This solution area also offers the ability to continuously maintain an acceptable running state. Frequent updates of data protection analyses allow for emerging risks to be quickly identified and for usage to be guided back into a secure state.
The ability to map the use of file services, to understand what users are storing and in which type of infrastructure, as well the ability to involve those users in guarding against data-loss vulnerabilities offers significant benefits:
|Defining a policy for how different services should be used, and then mapping current usage to that policy, is a vital first step in establishing data protection within a developing file service.|
|Ensure policies are correctly followed or highlight areas where data protection standards should be increased to accommodate business use.|
|Business users have the best knowledge of the files that they create and use. By involving these stakeholders in the classification of data the organization can put important granular decisions into the hands of those who are best placed to make them.|
|Raise awareness of data protection issues within the user population. By asking the business to participate in file classification, users will better understand when they are (and are not) using the file service in an appropriate manner.|