5 Data security tips every IT manager should know

The past few months have been full of news coverage around data breaches and the need for data awareness. From hospitals to universities to children’s toys, data attacks are coming full force, and IT pros …

3 Questions answered by the Verizon Data Breach Report

Verizon’s annual Data Breach Investigations Report has become a hallmark of the security industry’s progress, as well as its preparedness against attackers and breach incidents. This year’s theme is, “Security should be a driving force, …


Great product teams play bingo, not basketball

I totally admit that I drive product folks crazy. I am a huge believer that it is the responsibility of every person in a company to help ensure complexity and gratuitous innovation don’t creep into …

Do you know where your sensitive data lives?

One of the biggest challenges organizations face today in trying to secure their IT environments is a lack of data awareness. Despite all the recent high-profile hacker attacks against well-known enterprises, many companies simply don’t know where much of their critical business information exists at any given time.

If you think about the files lying around that contain personally identifiable information, such as your name, address, Social Security number and credit card number, and then multiply that by exponential values, that’s what the average organization handling customer information must protect.

But before they can even think about protecting the data, organizations must first identify it and determine where it resides. They need a way to discover where all these sensitive files are located, what type of information is stored within those files, who is accessing the information and how frequently they are accessing it.

In a recent interview with Small Business Digest, DataGravity CISO Andrew Hay discussed why the need for complete data awareness is becoming more important every day. Threats are continuing to expand. And as long as personal information has a tangible financial value associated with it, combined with the ease by which someone can acquire that information from a compromised company and then sell it, threats will keep evolving.

We’re not talking about attackers who are doing this from their parents’ basements. That’s not the typical profile of an attack against corporate systems. These are loosely organized, or even formally organized, criminal enterprises that are doing this as a business.

They are compromising hospitals, financial services firms and other companies and trying to get as much information as possible to sell on the underground market or dark web. Much of that information represents tangible financial gains, so these types of incidents will likely keep getting more organized and expanding considerably.

Organizations can better protect themselves and their data; the first thing they need to do is become data aware – understand where sensitive information is located so they can protect it. Lots of companies are throwing money into security products to protect their information assets, without even knowing for sure what it is they’re protecting and where these assets are.

Becoming more data aware and then deploying the appropriate security measures can be a challenge, especially for smaller companies focusing on their basic business operations rather than on data protection. But considering the risks of not effectively safeguarding sensitive information, all organizations need to become data aware on their way to becoming more data secure 

Is your data at risk? Get a free security assessment.

  Like This

David Siles

David is Chief Technology Officer for DataGravity. Prior to becoming CTO, David served as vice president of worldwide field operations at DataGravity. Previously, he was a member of the senior leadership team at Veeam Software. He also served as CTO and VP of professional services for systems integrator Hipskind TSG. A graduate of DeVry University, he is a frequent speaker at top tier technology shows and a recognized expert in virtualization.