More than 80 percent of companies are suffering security and compliance risks due to poorly defined and inadequate data-management policies, according to new research that blames poor management of ‘dark data’ for a host of enterprise inefficiencies.
Fully 83 percent of the more than 1500 IT decision-makers – surveyed across 15 countries in a recent Vanson Bourne-Veritas report – said that their ability to ensure data compliance had been impacted by data management issues, while 82 percent said those issues had impacted their ability to manage data security and risk.
Data-management challenges included having too many different tools and systems in use (named by 40 percent of respondents); having too many data sources to make sense of (38 percent); lack of a centralised strategy for data management (35 percent); and lacking the right skills or technologies (34 percent).
Some 26 percent admitted being unable to back up and recover data reliably, while 21 percent simply don’t know where all of their data is located.
This had fuelled a situation where 52 percent of Australian and New Zealand companies’ enterprise data remains untagged and unclassified. The situation was even worse in relation to cloud data, with 65 percent of ANZ companies admitting they have classified less than half the data stored in public cloud systems.
These practical deficiencies not only generated estimated losses of over $US2 million ($A2.9m) annually, but create massive exposures for businesses facing increasingly onerous requirements around compliance and security.
“Businesses must never keep their dark data reservoir as an afterthought as it is an enticing target for cybercriminals and ransomware attacks,” Veritas Technologies ANZ managing director Howard Fyffe said in a statement. “The more organisations know about their data, they better they will be at judging its value or risk.”
Poor data management leaves businesses unable to meet the requirements of new privacy regimes such as Australia’s Notifiable Data Breaches (NDB) scheme or the EU’s general data protection regulation (GDPR) – which spurred more than 206,000 reported privacy breaches in its first year.
Poor visibility and control of enterprise data has long been flagged as a hindrance to GDPR compliance, and the latest figures suggest that little has actually changed despite years of efforts to improve data management.
Yet compliance and security weren’t the only areas suffering: more than three-quarters of respondents blamed poor data management for issues around the speed of operational insight, the speed and reliability of data access, ease of data sharing across business functions, and recoverability from data loss or ransomware attacks.
Improving the management of data involves taking steps around classifying data; leveraging data-classification policies to better understand and manage their data; and tapping into evolving AI and machine learning-based methods for automating the management of that data.
Of those organisations that have been focused on implementing effective data management initiatives, improved data compliance and data security were by far the most common benefit – with 38 percent of respondents saying they are already experiencing improvements in those areas. That was 10 percentage points ahead of the next most-cited benefit, which was the transition to becoming more agile or innovative.
Indeed, better data management was linked with a high return on investment, with every dollar said to be returning $2.18 in benefits.
The key was to balance data classification objectives with the capabilities of data-classification automation systems. “With the average company holding billions of data files, manually classifying and tagging data is beyond human capability,” Fyffe noted.
“Businesses must implement data management tools with algorithms, machine learning, policies and processes that can help, manage, protect and gain insights from their data, regardless of where it resides within the organisation.”