SOAR technologies strive to automate some of the repetitive human effort required to maintain a strong security posture. Here's how SOAR tools fit into an enterprise security strategy.
Data as the new oil: The danger behind the mantra
Too many CIOs do nothing with the data – or store it unsafely. Ask these critical questions about your data practices
Not a week goes by that I don’t hear a tech pundit, analyst, or CIO say “data is the new oil.” This overused mantra suggests that data is a commodity that can become extremely valuable once refined. Many technologists have used that phrase with little knowledge of where it originated – I know I wasn’t aware of its origin.
It turns out the phrase is attributed to Clive Humby, a British mathematician who helped create British retailer Tesco’s Clubcard loyalty program. Humby quipped, “Data is the new oil. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc., to create a valuable entity that drives profitable activity; so must data be broken down, analyzed for it to have value.”
While there is plenty of truth in Humby’s idea, there is also an inherent warning. The data must be refined to be useful, but it must also be used. I have worked with enough CIOs in my career to know that many will retain as much data as possible in the hopes that they may someday get value from it.
These CIOs become, in a sense, digital hoarders, believing that someday they will have enough time or funding to unlock the value of this data. As digital dust gathers on unused data, the cost of storage continues to increase – along with potential risks if the data is compromised.
[ Read also: 3 reasons data hoarding may not pay off. ]
The cost of poor data security practices
What happens when CIOs collect, but do nothing with, the data, or store it improperly? Data, like oil, can be toxic when misused. Each week there seems to be a story about data being stored on unencrypted systems or behind insufficient security.
With the rise of ransomware, many cities are discovering the true cost of poor data security practices: Just recently, Baltimore lost more than $18 million due to a ransomware attack. While there’s no way of knowing whether these cities were storing data they didn’t need, the relative ease with which cybercriminals have been able to access these systems only highlights another truth about unused data that’s not properly managed: “With great data comes great responsibility.”
Not only does storing vast amounts of unused data put your organization, customers, and partners at risk, it’s also costly to store. One study suggests that data overload could cost organizations up to $3.3 trillion cumulatively by 2020. Data, unlike oil, is an infinite resource that grows with use rather than being depleted. And it’s growing at a monumental rate. By 2025, it’s estimated that 463 exabytes of data will be created each day globally, according to the study. Proper data lifecycle plans must be put in place to adequately plan for the onboarding and offboarding of data in a cost-effective and secure manner.
Consider a data diet: The new keto
CIOs, take time to understand where your data is being stored. With the adoption of cloud-first strategies, data is stored off the network, and once the contract is signed, it may not be reviewed often. For each vendor that holds your data, have you reviewed their cloud security or disaster recovery policies? How much of your data do they have? What is their recovery point objective (RPO) and recovery time objective (RTO)? How have their policies changed since your contract was signed? While the data may no longer be stored on your own systems, you will nonetheless answer for breaches when they occur.
While doing these exercises, look at your organization’s data policies. Work with your teams to make sure critical backups are occurring and have been tested. When was the last time you updated your cyber insurance policy? If your data sets have grown sufficiently over the last year, do you have proper coverage? Are you storing too much data? What is the cost of your storage? Have you spoken to legal to understand the risk in the event of litigation? Do you have adequate e-discovery systems and policies? This exercise is less stressful and less costly before litigation.
All of these exercises may seem like a large project, but it reduces the risk of data toxicity within your own organization and helps ensure you are being a good steward of your organization’s data.
Now look at your own personal data. Perhaps consider going on a personal data diet. Think of it as the hot new keto diet, but instead of reducing carbs, you’re reducing gigabytes. Clean out your mailbox, empty that downloads directory, delete all those memes you will never need. Be sure your personal devices are encrypted, including hard drives and USB drives.
While you’re at it, make sure to back up your critical data, including the thousands of pictures you have taken and have never looked at or printed. Your personal data may not be an oil well, but some of your digital memories may become invaluable in future years.
[ You don’t need a lot of data, a huge budget, or large teams to find value in your data. Read also: 4 big data myths, busted. ]