Authored by Michael Orozco, Managing Director, Cybersecurity Services
Unstructured data is often difficult for organizations to monitor and track, as it is commonly in formats designed to move freely in and out of the organization. Ensuring that this data is properly secured both internally and externally may require specialized solutions. In this article, we will discuss the challenges of protecting unstructured data and the requirements for adoption of an effective protection solution. We will also explore the benefits of proactively and effectively protecting unstructured data as it travels and lives inside and outside the enterprise and provide some guidance on what to look for when evaluating potential solutions.
Challenges of Protecting Unstructured Data
Developing an effective approach to protect unstructured data and ensure compliance to security policies and standards faces the following challenges:
- Proactive Protection: The protection approach should be proactive, and not only applied when data loss is occurring or detected. A proactive solution prevents data loss from happening in the first place by protecting documents at the time of origination, protecting the data at the source and when the document is created.
- High Coverage: To be secure during transmission and storage, encryption should be applied as much as possible. Decryption should only be applied temporarily while in use by an end-user for processing, then encrypted again upon closing or before sharing.
- Agnostic to Storage or Transmission Mechanism: The protection approach, once applied, should work on any cloud storage or transmission platform or medium and protect the documents without an additional burden on admins or users.
- Inside and Outside the Enterprise: The protection should be seamlessly effective whether the content resides and is transmitted only inside the enterprise, or whether it is transmitted and shared outside the enterprise.
- Visibility and Insight: The approach should also have built-in features to enable the enterprise to know events that occurred on protected documents (whether they occur inside or outside the enterprise) and be able to glean insights into enterprise-wide patterns of data usage; this will facilitate compliance and auditability of the enterprise.
Anyone charged with implementing an enterprise DLP strategy and architecture will confirm that the above listed criteria are difficult to implement.
Requirements for Adoption
For rapid and effective adoption, the ideal protection solution must have the following characteristics:
- Easily and Quickly Deployable: Out of the box, seamless integrations with existing enterprise infrastructure such as IDP and IAM tools (e.g., Active Directory, Azure AD, and Okta) and business applications and platforms (e.g., MS Office, PDF viewers and editors, email clients, messaging, and collaboration platforms) is essential to efficiently apply protections and demonstrate effectiveness to encourage adoption across different industries and jurisdictions.
- Low Friction Usability: For widespread, regular adoption, the solution should impose minimal additional effort from end-users (if they must be involved at all). This approach should be completely transparent and take place in the background. If an end-user must be involved, it should only require a few clicks and not disrupt their workflows or require them to learn new, complex tools or procedures. This is especially true for workflows that involve collaborators outside the enterprise – end-users must be able to share documents with external collaborators without a reduction in security or an increase in complexity.
- Zero Trust: No single entity (services, servers, users) should be a single point of failure, and enterprise content should never be stored or exposed to third parties, including the solution provider Also, if any cryptography is used, keys should be under the control of the enterprise and never reside with the content (as is, unfortunately, often the case).
- Compliance with Standards: When cryptography is used, it should be used as a building block. It should be compliant with existing national and international standards from well-known organizations such as NIST and ISO, and easily upgradable to be post-quantum to ensure seamless transition to newly developed standards[5].
- Automation: Various forms of automation must be built-in to the protection approach to keep up with the high rate of unstructured data generation in the enterprise, and the large number of entities such data could be shared with (inside and outside the enterprise). Automation is essential to be able to protect the Petabytes of historical and archived data large enterprises typically store.
- Fair Pricing: The pricing should be flexible and able to accommodate various size enterprises, and be charged based on usage, required features, and integrations. No one can overlook that price and affordability are a consistent factor that must be considered.
Benefits to Enterprise Security and IT, Legal, and Compliance
Proactively and effectively protecting unstructured data as it travels and lives inside and outside the enterprise provides the following benefits and returns to the enterprise at large:
- Avoiding Lost Productivity: Hundreds of hours of valuable employee time are regularly lost due to data leaks, especially in regulated industries such as defense, banking, and biotech. Such time is spent on forensics and assessment, investigations, sanitizing existing devices and infrastructure, or setting up new ones. Platforms that can prevent such leaks will obviate the need for such forensics and assessments, or at least lessen the forensics effort required by providing visibility and monitoring capabilities.
- Avoiding Fines: The average cost of a data breach[6] continued to rise in 2022 and has reached an average of $4.4 million globally (13% increase since 2020) and is now $9.4 million in the United States. Fines are only going to increase as more regulations are enacted.
- Protecting Brands: Brand damage can cost an enterprise tens-or-hundreds of millions in lost revenues and spending to rebuild reputations.
Getting It Done
Securing an organization’s unstructured data can be a significant challenge. Unstructured data is more difficult for an organization to monitor and track and is commonly in formats designed to move freely in and out of the organization, such as email and documents. Ensuring that this data is tracked and properly secured both internally and externally may require specialized solutions.
Solution providers that can address the requirements for adoption and provide the much-needed benefit to the enterprise are beginning to emerge, although in a limited manner. These new solutions can offer the ability to identify, control, and secure data within an organization from its point of initial creation. When evaluating potential solutions, look for one that offers policy-based access controls and implements strong encryption of data at rest and in transit.
Protecting unstructured data is a critical step towards ensuring the security of an enterprise. The challenges of protecting unstructured data, such as the need for proactive protection and high coverage encryption, can be difficult to overcome. However, the benefits of doing so, including avoiding lost productivity and fines, are substantial. By adopting solutions that are easily deployable, have low friction usability, and comply with standards, organizations can protect their unstructured data and avoid the risks associated with data breaches. In today’s world, where data breaches are becoming increasingly common, it’s more important than ever to protect your organization’s unstructured data.
Additional Resources
In the first installment of this series, we explore the challenges that unstructured data presents to modern enterprises and examine new approaches that can help keep sensitive information secure. Discover how encrypting sensitive data using advanced algorithms can protect your enterprise from data loss, safeguard your data, and ensure compliance with regulatory frameworks.
To view and download the full whitepaper, click here.
[5] Post-Quantum Cryptography | CSRC (nist.gov)
[6] Average Data Breach Costs Soar to $4.4M in 2022 (darkreading.com)