According to New Vantage’s 2019 Big Data and AI Executive Survey, 91.6 percent of organizations are investing in big data and AI. It is no exaggeration to say that the landscape of data has changed beyond recognition. Today’s businesses not only have tape backups and hard drives to contend with, but they have mobile devices, memory cards and virtual environments.
Whilst the importance of data cannot be underestimated, the more data an organization manages, the more risk it carries. It is the ultimate quandary for many businesses. An organization may hoard corporate data assuming that it’s better to keep it for litigation purposes or that it’s cheaper and easier to store it than destroy it. However, this is rarely the case.
Understanding the full lifecycle of data
Most corporate data outlives its use very quickly. To effectively mitigate the risk of data exposure and avoid the costs of storing and handling unnecessary information, an organization should implement an end-to-end process for managing its information from creation to disposal. Data lifecycle management comprises of strategy, process, and technology to effectively manage information, improving the control over an organization’s critical data.
The lifecycle includes six specific phases:
- Create – Data creation occurs throughout organizations. It can take place on-premise either in your data center or on employees’ devices or externally in the cloud. Protecting your data during this phase will include access controls such as passwords, threat scanning for viruses, and data classification that will specify the data type, its location, how it should be protected, and who has access to it.
- Store – Once data has been created, it is typically stored on a computer hard drive or in a datacentre. Storage also involves near-term backups that must also remain protected. Storage protections include access control around who can read and overwrite the data, device control such as data encryption, backups to protect from data loss, plus security measures to protect the backups themselves.
- Use – During the ‘use’ phase, data is accessed, viewed or processed. Protections during data usage include access control, encryption, data rights management for copyrighted information and data loss prevention, which involves software and business rules to prevent unauthorized access to sensitive information.
- Share – Data is often shared amongst internal employees and to corporate partners outside of the organization. Data sharing can occur through the network, via removable media, or across the internet via transfer sites or email. Data sharing safeguards involve access control, encryption, network security (firewalls/intrusion detection) and data loss prevention. When organizations are dealing with third-party vendors, they should have clear measures in place for data removal and verification after services have ceased.
- Archive – For short-term data protection, all data must be backed-up regularly, either onsite or offsite. When an organization needs to retain data for the long term, it can be archived to tape or disk media and placed in remote, secure locations.
- Destroy – When an organization’s data reaches the end of its life, it must be permanently erased. Determining which data is erased, how it’s erased and how that erasure is verified depends on several factors, such as content type, usage needs and regulatory requirements.
No matter what data a company produces, managing data through its entire lifecycle is vital to ensure an organization’s security and compliance. Without a data lifecycle strategy in place, an organization is leaving itself exposed. Lifecycle management shouldn’t be the responsibility of just one department though; there needs to be a collaborative approach that involves all the stakeholders of the business.
Now is the time to cleanse your data. Those organizations that take the time to invest the necessary efforts and resources in data lifecycle management can minimize the risks and costs of their business-critical data now and into the future.