2019 was a year of high profile data breaches with new stories of hacks being published in the media almost every week. In October last year, NordVPN, a virtual private network provider, had an expired internal private key exposed, allowing anyone to imitate NordVPN. With every hack, consumers become increasingly wary, and boardrooms across the globe face increasing pressure to protect their organizations’ data.
Yet, when we examine our data vulnerabilities, what are we really looking at? If your organization is only considering the neat rows and columns of a database, then you’re missing a big part of the picture. I’d venture that structured data is what the majority of the general public associates with data, and data breaches. Structured data is stored in rows and columns of databases, spreadsheets, or CRM and ERP systems, among other systems of record, and when many business leaders plan for preventing hacks and breaches, they plan with structured data in mind.
That narrow view leaves out a tremendous amount of data, referred to as unstructured data, and that can leave potential liability unaccounted for. How many times have you taken a picture of your license and submitted it as part of a financial process? Scanned a form and attached it as part of an application? Had a telephone call to customer services recorded? Documents, pictures, audio, and video are all means of storing data about consumers in an unstructured way. Unstructured data represents any data that does not have a recognizable structure. It is unorganized and raw and can be textual or non-textual.
If you’re thinking back to the countless times you’ve shared unstructured data with an organization, you’re not alone. Unstructured data has become an integral part of how organizations conduct digital business on a daily basis. It’s often what enables an easier, faster customer experience. For example, would you rather fill out generic forms detailing your car’s damage after an accident or instantly share an image with an insurance agent? For convenience, we are all likely to opt to share unstructured data with an organization, and businesses will continue to incorporate it into their processes for exactly that reason. Given that, it’s no surprise that Gartner predicts that, by 2022, 80 percent of all global data will be unstructured.
With the growth of unstructured data comes the unfortunate truth that it’s much more difficult to control and secure than structured data. For example, if an employee is taking information in the form of unstructured data and moving it elsewhere, they may store the original document or picture on a local file share or send it in an email as an attachment. Within one organization, the process for handling documents could vary across employees and teams, and it’s very likely that management has no idea this is happening.
Unstructured data doesn’t have to be a forever risk, though. It’s entirely possible for organizations to manage and incorporate it into safe data practices and protocols. For that to happen successfully, business leaders must do the following:
· First, acknowledge that unsecured unstructured data is a problem within the organization. Add it as an urgent priority for the IT or data security teams to address. Don’t wait until an issue arises or assume that hackers are going to go after larger volumes of what one assumes is more “attractive” data. We’ve learned that hackers are unpredictable and that no organization, no matter the size or scope, is immune to the threat.
· Second, an organization needs to get a handle on what exactly their unstructured data is, where it currently lives, and how it flows – even if that differs across the business. In order to solve this problem, management needs to have a holistic view of the extent of the problem.
· Finally, and most importantly, organizations need to deploy systems and processes for handling and storing unstructured data throughout its entire lifecycle. This means from the moment a customer delivers a piece of information to the moment it’s destroyed there there needs to be a very clear system in place. To help with the burden of large volumes of customer information, much of this workflow should be automated. This moves responsibility away from the employee while ensuring complete, auditable governance and security.
Unstructured data may seem to be another unwanted data problem, but it’s actually a vital tool in improving outdated processes and enabling truly digital business. Fortunately, we have the technology available to manage this data in a way that helps us achieve our outcomes rather than getting in the way. The ultimate goal for unstructured data management is enforcing security and privacy while seamlessly enabling exceptional customer and employee experience.