FAQ

How can I get a handle on unstructured information in my environment?

This interesting topic is often overlooked, but I see it increasingly in my security assessment work today. Unstructured information is difficult to secure because it's so pervasive within every network; it's the proliferation of Word documents, Excel spreadsheets, text files, .PDF files and even flat little

Requires Free Membership to View

database files. Many of these unstructured files contain sensitive and regulated information -- literally strewn across the entire network on every single storage device that you can imagine, such as server shares, laptops, thumb drives and so on. These files can often be found in locations that you've never even thought about or knew existed.

I'm coming across operating systems and applications that leave temporary files on the local drives in TEMP directories and even some "crash-dump" files that contain sensitive information. This can become an issue if the information is sent out to a vendor. I'm seeing laptop computers where the users have literally copied entire databases, entire public shares right off of a server -- anything and everything that they can copy onto their system so they can take it with them and work offsite. When performing security assessments, I see just a Windows desktop with sensitive files and information right there. Outlook .PST files are another repository for sensitive communications. I'm even seeing sensitive data unsecured on mobile devices, like PDAs and smart phones, where users are storing sensitive customer information.

I'm a strong believer that documented policies can only go so far. When finding and protecting unstructured information, you absolutely have to use technology to help. Numerous vendors now provide products to help manage security. Use tools to figure out what you have, where it is, how it's classified (e.g., public, private, sensitive, confidential, etc.), then take the internal steps to better organize and manage that unstructured data, and protect the data with better authentication and access controls within the network environment. Finally, educate your users so that they are aware of the sensitive nature of their data and the security risks carried with it. This will take effort, but it's a very important issue that requires serious attention.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.


This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: