In our age of connectivity, data is the one asset that is critically important to every company. Data shapes a company’s decisions every day, whether it is used to make sales projections or to manage a customer’s health information, and it should be protected with the same zeal of a parent protecting his or her kids. Much like a parent who knows everything about their kids, companies should strive to know everything about their data, including where it is stored, who has access to it, what systems can connect to it and more. Understanding how data is connected and used gives companies a blueprint for how to protect it.
You can begin to understand your company’s data by asking yourself the following 4 questions:
Where Is Our Data?
The first step that any company should take is to know with absolute certainty where its data resides. In today’s world, companies may store data in physical datacenters, cloud environments, user endpoints, home offices or, more commonly, a massive hybrid of all these options. This makes it increasingly complex to maintain an inventory of applications, services and systems that are used for everyday work. This means it can take a large effort to complete this inventory, but it must be done before a company can determine how best to protect its data.
What Types of Data Do We Have?
After locating all your data, you need to know what it is comprised of, whether that is health data, private information, financial data or intellectual property. Of course, this will vary greatly for each company, but it is very important that you understand what types of data you are dealing with before you can determine how to protect it.
Who Can Access Our Data?
This is a tricky on, because knowing who can access your data is easier said than done. That said, some deeper questions to ask might include:
- Which of my users have access to X application?
- Do we have any APIs to external systems?
- Which users have access to our shared folders?
The goal is to produce a complete list of people and applications who have access to your data.
What Data Do I Need to Protect?
The simple answer is everything—but we need to start somewhere right? If you have performed the previous steps correctly, you should have a pretty good idea of what your most critical data represents and who can access it. So, in this step we will focus on prioritization: You must define your data priorities and then create protection strategies based on that.
You can’t protect what you don’t understand, so don’t leave these critical questions unanswered.
Learn more about how DAG Insights can help your organization manage any vulnerabilities posed to your data within your IT environment.
Written by Eduardo Alcocer