Data discovery is the first hurdle on the path towards GDPR compliance
Feeling uneasy about GDPR, but can’t put a finger on it?
To say that today’s regulatory environment is challenging would be an understatement. Although many of the core challenges with managing information have been around for decades, today they play out on a much more complex level. With sensitive information scattered across the organization, achieving compliance requires new tactics and tools.
Complex is the new normal
When it comes to managing information, modern organizations have to deal with three dimensions of complexity:
- Breadth
Modern information management environments involve dozens and often hundreds of business systems and applications inside and outside the organization. Some of the data is in the cloud, some is on the internal networks, and some is on numerous user devices. Even the data itself varies broadly, with hundreds of file formats commonly used within the organization.
- Depth
We no longer live the flat data world. Today, our data has multiple levels and dimensions including metadata, comments and annotations, files embedded inside other files, or information that is copied from one file and pasted into another. All of these layers can contain information that is protected by regulation or internal policy, but the layers of complexity make it hard to detect and manage with traditional tools.
- People
The people in and around your organization – employees, partners, and vendors – represent the most significant security and compliance risk. While most don’t intentionally engage in malicious behavior, they will usually choose the quickest and easiest path rather than the most secure one to get work done. Most assume that the IT department has data security under control and will not think twice about engaging in behavior that may be risky, like attaching a confidential file to an unencrypted email, or sharing this file on a public drive, or downloading it to a mobile device so they can work on it at home.
Complexity begets rogue data
Given these three factors, sensitive data often ends up in unintended places like shared drives, email archives, cloud storage, and user devices. Here, it exists outside the reach of proper security and compliance controls, and can easily turn “rogue.” This rogue data creates significant security and compliance risks for the organization because its integrity and confidentiality are no longer adequately protected, and it is no longer governed by the required retention policies.
When data exists “below the radar” of the security, risk and compliance teams, it also unnecessarily complicates audits, eDiscovery, and breach responses. Regulations like General Data Protection Regulation (GDPR) impose strict requirements on prompt data breach notifications to the affected parties. Not knowing what confidential information exists and where can unnecessarily compound the crisis when a breach occurs or a device is lost, which can lead to unanticipated regulatory violations and extended investigation, reporting, and remediation times.
Data discovery to the rescue
Loosely managed data is a natural byproduct of how we work today. We rely on a range of collaboration and sharing technologies like email, chat, intranet portals, and shared drives because they are versatile and user-friendly. However, they are usually also less governed. This makes any sensitive information potentially shared on these systems more difficult to find and protect.
To regain control over sensitive data that’s spread across numerous sites, drives, and repositories, organizations rely on sophisticated search and analytics technologies like our Confidential Information Discovery solution. Powered by Enterprise Search technology, this solution can reach inside all these systems, repositories, and file formats to find unauthorized confidential information.
Such technology offers several benefits to the organization:
- Reduced security risk
The right data discovery solution helps close the knowledge gap and identify every place where confidential information resides so it can be adequately protected or moved to an approved location. The solution should proactively monitor for keywords, phrases, and even character patterns in the files and metadata across any number of sites, repositories, drives, archives, email systems (including attachments), and devices.
- Improved compliance
By helping identify and eliminate the presence of confidential information on unauthorized drives, devices, and systems, your solution should help reduce the risk of being non-compliant. It’s also important that it includes a flexible rules engine that allows the solution to be deployed across multiple departments like HR, contracts, and marketing, each with unique target systems and search requirements.
- Empowered security, risk, and compliance professionals
Look for a solution that provides your security and compliance professionals with a powerful and intuitive administration interface, allowing them to set up new queries and alerts with ease. With automated monitoring across a range of systems, your staff will receive notifications when sensitive information is found in unauthorized locations. The solution should also feature extensive file analytics and reporting capabilities to help support and simplify your eDiscovery, auditing, and other information request processes.
- Greater internal awareness
Helping detect when sensitive information shows up in unauthorized places is also an important aspect of the right data discovery solution. Being able to detect and follow up on risky behavior is critical in helping generate awareness and improving policy adherence among your employees. Helping your staff become more security-aware will in turn help your organization become more secure and compliant.
The great thing about data discovery solutions is that they allow your security and compliance professionals to enforce company policies while allowing your business groups and end users the flexibility to use the systems and processes that work best for them.
Final thoughts
What makes new privacy and security regulations like the GDPR so challenging is not so much the technical requirements they impose on organizations, but rather the fundamental shift they require in the practices and culture surrounding information management.
Besides helping organizations meet immediate legal and compliance requirements like GDPR, eDiscovery, and audits, the Confidential Information Discovery solution brings visibility to the internal information management practices, enabling compliance and security teams to leverage data discovery to review and improve policies and procedures.
Want to learn more about how data discovery can help you be proactive, clearing regulatory hurdles like an Olympic gold medalist? Click here to read more and view a demo.
