Solutions

Information Governance & Compliance

Successful introduction and continuous application of data governance and compliance practices are an absolute imperative for all organizations. This applies to all data repositories including unstructured data held in traditional file shares, collaboration platforms, private, hybrid and public cloud services.

The Information Governance and Compliance solution area provides organizations with the necessary information to begin applying logical frameworks to unstructured data, to monitor, and to facilitate the organization’s adherence to these frameworks.

A complete analysis of all unstructured data to guide classification as record/non-record, IP/public, employee/client/subcontractor PII, inside/outside of retention period, etc.

Self-service access to analyses of file service usage that highlight areas of possible non-compliance and guide specific action by data owners.

The ability to effect a change in the organizational culture; to create the understanding that responsibility for ensuring data quality is shared by all file service users.

Unique Features

The following features are only available in the Information Governance and Compliance solution area:
The ability to scan the content of text-based files and identify specific strings, either by simple string matching or pattern matching using regular expressions.
Analyses reveal which files contain target strings or patterns and display relevant excerpts from these files to allow the quick identification of false positives.

Feauture Sample

Scan the full unstructured data environment – SMB/CIFS file shares, NFS exports, SharePoint, OneDrive for Business, Azure, etc.
Provide self-service access to summary and file-level reports of file service use to relevant organizational stakeholders – Data Governance, Data Compliance, Data Protection, Records Management, ILG, etc. (up to 20 individual users).
Utilize the benefits of the Data Stewardship Framework solution area and recruit specific data owners to pro-actively manage unstructured data for their department or team.
Use View Profiles to ensure that the information provided is relevant and focused on data governance and compliance issues.
Analyses based on meta-data provide a powerful insight into file service use.
When areas of interest are identified, text-mining analysis (string matching and regular expression) reveals the exact nature of the data.
Get assistance from Northern’s Professional Services team in defining the regular expressions necessary to locate specific alphanumeric strings.
Use built-in workflows to queue, sign-off and execute actions on selected files.
Rely on full logging of actions carried out to ensure all file mitigation is defensible.
Demonstrating a functioning practice of compliance monitoring, coupled with remediation workflows, quickly satisfies risk assessment auditors.
Regularly and automatically updated file service content reviews minimize the time and effort required to respond to audit requests.

Data Protection

How to handle GDPR in unstructured data

  • Being able to quickly scan a large number of files of various file types and find PII.
  • Being able to determine who, or what part of the organization, the file containing sensitive data belongs to.
  • Being able to distribute information about the sensitive data, in an easy and straight-forward way, to the Data Controller, Data Processor and the DPO making sure policies are followed.

GDPR applies to all types of systems where personal data is stored. Most GDPR projects start with, and often doesn’t get further than, structured data, i.e. databases, document management system, CRM systems. These systems are generally searchable and taggable by default and once an organization has decided what constitutes PII (Personally Identifiable Information), implementing policies is relatively straight-forward.

Unstructured data (especially file data) is a different beast all together. You have a slew of different file types and formats, and the data is generally spread over different platforms and locations. The files aren’t necessarily easily searchable, and even if they are the content will look different from file to file and patterns are more difficult to establish. On top of that, most organizations lack a good policy for data ownership where files are owned by system or application accounts and no hierarchical structure exists so that information about these files can be escalated.

To tackle GDPR compliance in unstructured data, you need to:

  1. Define rules about what constitutes sensitive data and PII in your organization, e.g. social security numbers (SSN), address information, contracts etc.
  2. Understand where the organization’s unstructured data resides, on-premise file shares, SharePoint, OneDrive etc.
  3. Establish and maintain a system of data ownership to ensure information will be handled by the appropriate person.
  4. Scan this data regularly to discover files that likely contain sensitive data.
  5. Establish policies on how sensitive data should be handled, what should be kept in what system etc.
  6. Tag the identified data and deliver this information out in the organization so that the data owners themselves can take action on the sensitive data, move, delete etc.
  7. Aggregate and spread information about sensitive data to Data Stewards, department heads and executives to safeguard that the rules are followed.
  8. Create a workflow to be able to inform the individual of what personal data about them is being held and based on that have the possibility to accurately delete that data.

Northern can assist in GPDR compliance related to unstructured data by:

  1. Giving an overview of the environment; what data repositories contain user-generated unstructured data, who is saving what files and where they are saved.
  2. Finding likely file and share owners, for example based on recent activities.
  3. Gathering meta data on files to pinpoint potential areas of interest.
  4. Scanning the text in files and by using specific words or regular expressions find potentially sensitive information.
  5. Creating actionable dashboards that can be distributed to data owners as well as data stewards.
  6. Assisting in establishing policies around GDPR and sensitive data based on best practices.
While less straight-forward, including unstructured data in a GDPR project is imperative to living up to regulatory demands. Getting a better handle on the unstructured data will also allow for ROT (redundant, obsolete, trivial) clean-up, increasing cost efficiency and decreasing risk far beyond what is dictated by the regulation.

Recently ransomware and malware have become an increasing problem for many organisations.

If you are a Northern customer, you already have a solution in place that could assist in getting a better handle on this problem.

Using Northern’s solution you can:

  • Prevent file types related to ransomware and malware from being saved
  • Notify the security team when these file types have been attempted to be saved, and
  • Scan the environment to find files already there, allowing for them to be easily removed

Northern’s solution has definitely prevented us from being on the from page of The New York Times.

- An American customer on using NSS as one layer of their protection against ransomware

Although not strictly a security solution, Northern has assisted a number of companies to strengthen their defence against Ransomware. Most recently Northern assisted a large engineering company to put real-time monitoring policies in place to block the saving of files with known ransomware file extensions (.locky, .crypt1, .zepto, etc.) – preventing infection. Additionally, notifications were configured to inform of any on-going infection attempts; allowing administrators to immediately identify when, where and through which accounts attempts to encrypt were being made.

While this does in no takes away the need for security solutions, such as anti-virus software, Northern’s solution can add an extra layer to your ransomware and malware prevention.

Read more about how you can use NSS to interrupt and track ransomware attacks, or contact us to discuss your organization’s specific needs.

Northern Parklife icon

Let’s take control over your data management

We accelerate the goals of growth stage companies by providing the expertise and experience they need to hit their next stage of growth faster.
Contact Us