Search
Close this search box.

Increase efficiency

Data grows continuously and mostly in an uncontrolled way – efficiency of those owning and being dependent of the data decreases as it becomes increasingly chaotic. Having insight and control over your file data will improve efficiency of data owners, and of those tasked to control the risks associated with the data.

01

Business Needs

Curb Inefficient File Service Use

A lack of policies and process to manage how file services are used leads to the accumulation of redundant, obsolete and trivial (ROT) data.

Research carried out by the Compliance, Governance and Oversight Council (CGOC) showed that organizations should expect only one third of unstructured data to hold business value or be subject to legal and/or regulatory hold. These conclusions are supported by Northern’s experience in delivering data footprint analyses for major customers.

02

Recommendations

Insights & Recommendations

Efficiency Improvements in File Service Use

Review of Data Footprint at Employee Departure/Transfer

Targeted Behaviour

A significant volume of files stored in the file service are owned by ex-employees or are no longer in use because the file owner’s role has changed. The data within these files, which carries unknown risk and unknown value, is unused and unmanaged.

Directive

It is each employee’s responsibility, or the responsibility of their supervisor, to properly manage records prior to transfer or departure.

Records must be retained or disposed of in accordance with approved records retention and disposition schedules.

Policy Requirements

  • A standard analysis of file shares owned or used by the departing/transferring employee are run prior to, or at the time of departure/transfer.
  • Employees/managers review files listed by these analyses and ensure that data management controls are being properly followed (delete transient files, delete duplicates, delete personal files, customer records correctly located, etc.).
  • Completion of data review is documented.

Efficiency Improvements in File Service Use

Create Awareness and Encourage Efficient File Service Use

Targeted Behaviour

Workplace organization practices are in place for the physical workplace (4S). These must be extended to electronic data spaces.

Directive

File storage that is allowed to grow without any form of management will quickly present unnecessary and significant risk and cost. This can be avoided by extending the corporate culture for structure and cleanliness in the physical workspace to include use and content of the file service.

Policy Requirements

  • File shares and SharePoint sites are periodically scanned to identify redundant, obsolete and trivial files (ROT).
  • A user designated as the Data Steward for each department is provided with access to the results of these analyses.
  • It is the Data Stewards task to identify and take each opportunity to improve how the department is using the file service.
  • The Data Steward may delegate access to analyses for specific users and request that they assist in removing their ROT data.

Efficiency Improvements in File Service Use

Control Data Growth and Guide Deletion of Transitory Files

Targeted Behaviour

Personal and common file shares are growing at approximately 60% p.a. Much of the content of these storage repositories is redundant, obsolete and/or trivial. Users and teams are hoarding irrelevant data.

Directive

Hard or soft limits for file share size should be put in place. These should be used to indicate to the users what the expected suitable size is for a file share. Users should have access to actionable-reports that guide clean-up of file shares when limits are approached/reached.

Policy Requirements

  • Hard quotas are configured on users’ personal (Home) folders. Notifications are sent to the Home Drive owner when quota thresholds are reached. These emails include a link to self-service dashboards.
  • Soft quotas are configured on common (Department, Project) shares. Notifications are sent when quota thresholds are reached. These emails are sent to the last ten users who wrote into the share and include a link to self-service dashboards.
  • File shares are scanned on a weekly basis. The data is used to refresh self-service dashboards that users have continuous access to. These dashboards list files that are likely candidates for clean-up (old, duplicated, non-business-related file type, etc.).

Efficiency Improvements in File Service Use

Refine and Organize Project Data at Project Close

Targeted Behaviour

Project teams are not reviewing project data on project completion. Large volumes of data is being retained and archived for long periods when only a small volume of that data is subject to retention policies. As project teams are dispersed after project close, knowledge of what should / should not be retained is quickly lost.

Directive

Project working practices should be extended to include a data review step. Project Managers are responsible to ensure that all project data is reviewed and organized at project close; records are identified and all other working documents, copies/versions, reference material, etc. are deleted.

Policy Requirements

  • Regular scans of project folders are carried out. These scans populate self-service dashboards designed to highlight files that are suspected to have low importance.
  • Project Managers should periodically review the content of file shares related to their project(s) – identifying and deleting unused files.
  • When a project is concluded, Project Managers perform a full review of associated file shares – ensuring that all files subject to retention periods are moved to an appropriate location, other important files are appropriately named and organized, and all other files are deleted.

Integrating File Service Data into other Systems

Enriching Incidents Generated by Other Systems

Targeted Behaviour

Security staff find it difficult to prioritise data loss, system failure, data breach, etc. incidents as they lack knowledge of the sensitivity of the data that was lost, has become unavailable, or was unlawfully accessed.

Directive

Incident alert tickets should include relevant information gathered from other systems. In the case of data loss, system failure and data breach incidents, information should be available that exposes the sensitivity, importance and frequency of use of the data in the affected file shares/systems.

Policy Requirements

  • An incident is triggered by another system that concerns a file share, SharePoint site, etc.
  • The creation of the incident runs a set of standard analyses for that repository; identification of PII/PCI that were accessed/modified at the time of the breach, files that may contain password information, etc.
  • The incident management system can also connect to results of analyses that were previously collected via a recurring schedule.
  • Links to related dashboards are added to the incident.
  • Security staff use the additional information to help prioritise and analyse incidents.

03

Solutions

05

Other

More of what we deliver

Reduce risk

Security breaches, cyber-crime and data privacy regulation – your organization’s data will inevitably contain sensitive information.

Reduce cost

Storing your organization’s data is costly, especially when considering all expenses associated with housing the data.

Corporate responsibility

Pressure mounts on all organizations to take more social responsibility – IT services, internal or external, need to incorporate capabilities facilitating CSR.
Northern Parklife icon

Let’s take control over your data management

We accelerate the goals of growth stage companies by providing the expertise and experience they need to hit their next stage of growth faster.
Contact Us