How can I get a handle on unstructured information in my environment?

How can I get a handle on unstructured information in my environment?

This interesting topic is often overlooked, but I see it increasingly in my security assessment work today. Unstructured information is difficult to secure because it's so pervasive within every network; it's the proliferation of Word documents, Excel spreadsheets, text files, .PDF files and even flat little database files. Many of these unstructured files contain sensitive and regulated information -- literally strewn across the entire network on every single storage device that you can imagine, such as server shares, laptops, thumb drives and so on. These files can often be found in locations that you've never even thought about or knew existed.

Storage security information
I'm coming across operating systems and applications that leave temporary files on the local drives in TEMP directories and even some "crash-dump" files that contain

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

sensitive information. This can become an issue if the information is sent out to a vendor. I'm seeing laptop computers where the users have literally copied entire databases, entire public shares right off of a server -- anything and everything that they can copy onto their system so they can take it with them and work offsite. When performing security assessments, I see just a Windows desktop with sensitive files and information right there. Outlook .PST files are another repository for sensitive communications. I'm even seeing sensitive data unsecured on mobile devices, like PDAs and smart phones, where users are storing sensitive customer information.

I'm a strong believer that documented policies can only go so far. When finding and protecting unstructured information, you absolutely have to use technology to help. Numerous vendors now provide products to help manage security. Use tools to figure out what you have, where it is, how it's classified (e.g., public, private, sensitive, confidential, etc.), then take the internal steps to better organize and manage that unstructured data, and protect the data with better authentication and access controls within the network environment. Finally, educate your users so that they are aware of the sensitive nature of their data and the security risks carried with it. This will take effort, but it's a very important issue that requires serious attention.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.


This was first published in March 2007

Back to top