Last week I came upon an article entitled, “Beware the Dangerous Databerg Lurking Beneath Your Business’ Surface.” Apparently awareness of all the ways dark data can damage a business is still incredibly limited—so much so that Veritas actually determined there was a need to post this sponsored piece on CIO.com.
Okay, I’ll admit it. I wasn’t surprised when I saw this piece. But I am a little disappointed that in 2017 we still need to talk about the security and compliance threats posed by dark data—five years after Gartner first coined the term and described its risks. And I don’t mean needing to talk about what to do with it. I’m talking about still needing to inform the business and IT communities that the threat of undocumented and uncataloged data exists at all.
Let’s first look at it from the compliance angle. If an organization is collecting, storing, exposing or otherwise mishandling financial, medical, or any other sensitive information in a non-compliant way, that organization is at risk from a legal, financial, or—potentially even worse—reputational perspective. And for any company conducting business in Europe, it’s about to get even more complicated. In just a little over a year, the European Data Protection Regulation (GDPR) will go into effect. The GDPR is a set of laws that will give consumers an unprecedented amount of control over how their personal data is used. Here in the US, the FCC recently handed down new rules that will force broadband providers to give customers greater choice and transparency in the use of their data. Now, I personally think these are great things potentially for both businesses and consumers. But breaking GDPR protocols alone could cost organizations as much as €20,000,000 or 4% of their total worldwide revenue (whichever is higher… yikes!). And as Veritas wrote, how can businesses comply with such regulations when they don’t even know what most of their data is or where it is located?
With the compliance risk come even bigger concerns around data security breaches. Go ahead and look at Target, Home Depot, Sony, Anthem, or Yahoo! to get an idea of just how devastating such breaches can be. A simple Google search will show you the hundreds of millions of dollars consumed by the various fines and class action lawsuits that followed. And this is nothing compared to the billions of dollars they could still be losing due to tarnished reputations and weakened brands. (You tend to lose a customer’s trust when you let their personal and financial information slip into the hands of cybercriminals.) And here we are mostly talking about consumer data. What about the risk of leaking highly confidential corporate intelligence? Business operations, competitive strategy, M&A plans… This is all information that could be lurking among the data that you swear someone within the organization will get to… eventually.
If you think not knowing what’s in all the dark data lying around your organization somehow makes it safe, think again. You may not be ready to catalog your data, but you can bet there are hackers out there who are more than happy to do the job for you.