Where is All Your Data and Who Has Access?
There’s an old Higher School Certificate question that goes something along the lines of, “If two speeding trains are heading in the same direction at different speeds, how long will it take for them to collide?” This is the reality of SaaS adoption in the enterprise today. We’re all moving to the cloud, but our ability to protect all that data can’t keep up.
We recently issued a report, Where is All Your Data and Who Has Access? which examined the current trends around the management and governance of unstructured data, and the results were quite shocking.
The report tapped 340 individuals who are directly responsible for unstructured data at a number of global companies. It found that companies use a wide variety of unstructured data repositories. More than half of the companies we surveyed were storing more than 500TB, and that 9 out of 10 companies are in the process of moving their data to the cloud.
Let’s dive in a little deeper.
Most companies struggle with unstructured data
While employees the most valued asset of any company, data comes a very close second. We found that three quarters of companies have issues with unstructured data, including unauthorised access, data loss and compliance fines.
Virtually every company we spoke to said that managing unstructured data is a challenge. They struggle with single-access solutions, as well as too much data and a lack of visibility. Forty per cent of companies don’t even know where all their unstructured data is stored!
User access remains a major problem. Many access processes are manual, and not kept up to date. With security issues on the rise, access should be a major priority, yet it’s not. Companies do not have the right tools for protecting access to data, and are missing key information about their data and who can see and use it. Most importantly, companies don’t have the ability to enforce a state of least privilege.
Effectively managing identity security is a crucial factor in preventing business-relevant data from being exposed. The Office of the Australian Information Commissioner’s (OAIC) report on notifiable data breaches states that 38 per cent of data breaches were cause by human error.
Implementing a least privilege strategy enables specific users in specific roles to access the necessary assets of your business, including sensitive data and key systems. By managing privileged access, organisations can reduce risks of a cyberattack or breach.
Where is this data being stored?
There’s a saying that data is the new oil, but simply having reserves isn’t good enough. You need to be able to process that data, give access to those who need it, and refine it into useable information.
Most of the unstructured data held by companies takes the form of documents, PDFs and spreadsheets. Our report found that businesses use a wide variety of unstructured data repositories to store and access this critical information.
Unsurprisingly, Microsoft tops the list when it comes to places an organisation is storing its unstructured data. SharePoint accounts for 64 per cent of users, with OneDrive a close second at 58 per cent.
The next two most common repositories are IT-based solutions, including shared drives, at 54 per cent and NAS solutions, at 46 per cent. Other solutions are often employee-focused, including Google Drive (31 per cent) Dropbox (24 per cent) and Box (14 per cent). A majority of those surveyed used multiple solutions, which emphasises these points: companies don’t have a single view of their data, don’t know where it’s all stored, and can’t effectively control access to it.
Given the findings of the report, it’s not surprising that less than one in three organisations are using solutions explicitly designed for governing unstructured data. Those that are using tools to manage this data tend to use a variety of solutions, rather than a single, overarching method. Tied at the top of the list, 70 per cent use Active Directory, while 47 per cent use a data loss prevention solution, and 31 per cent are using a cloud access security broker (CASB).
Companies need to invest in a single tool to manage their unstructured data. Access is of critical importance, yet not enough businesses are taking it seriously enough. Knowing where your data is stored is also key, but we don’t have insight into where it’s being held.
Those trains are rapidly approaching each other. With the danger of data breaches, fines and reputational loss, business needs to take its rapidly growing unstructured data pools more seriously by employing tools that will allow them to know the who, what and where of their data.
Chern-Yue Boey is Senior Vice President of SailPoint