Condrey Corporation strongly supports Data Privacy Week running from January 21-27, 2024. As summarized by the National Cybersecurity Alliance, Data Privacy Week “… is an annual campaign with the goal of educating the public about the importance of online privacy.” This education includes how personal identifiable information (PII) is used, regulated, and sometimes exploited. Technologist Gary Kovacs said “Privacy is not an option, and it shouldn’t be the price we except for just getting on the Internet.”
There are innumerable national, international, industry, and state regulations pertaining to the protection of PII, with more being added all the time.
Much of PII resides as records in an application database. For example, a user’s full name, birthdate, Social Security Number, and tax filing information might reside in a state government database. Data stored in an application database is oftentimes referred to as structured data. Organizations protect regulated personal structured data through firewalls, authentication and authorization systems such as identity and access management (IAM) systems, encryption, data masking, and more.
But too little emphasis and consideration tends to be given to personal information stored as unstructured data. Unstructured data is all the data that cannot reside in a database and includes word processing files, presentations, spreadsheets, media files, and much more. And yes, unstructured data can include PII. As a recent article in Infosecurity Magazine pointed out: “Unstructured data is routinely undermanaged and hard to control and track as users take sensitive files from controlled repositories, store them on laptops, mobile devices, and cloud services, and share them in collaboration applications. This means more information, and more sensitive information, exists everywhere.”
Unstructured data that includes PII should therefore be identified and secured from being accessed by unauthorized users. Unfortunately, with organizations storing many terabytes or even petabytes of unstructured data, finding where these files reside and who has access to them is a tremendous challenge, but is the necessary first step in securing PII in unstructured data.
Security magazine calls this “conducting a data inventory audit” stating: “It’s hard to protect enterprise data if the security team doesn’t know where it is — which means organizations need to improve their visibility. Security teams can start by conducting a data inventory audit to better understand where the enterprise’s most sensitive data actually lives. There’s nothing revolutionary about this idea — in fact, it’s been step one for data protection for more than 30 years. Still, it can be surprising how many companies acknowledge that they’re still at this step. This is a growing problem today because as networks become more complex and organizations collect an ever-increasing volume of data, starting a data inventory from scratch will only become harder with time. Don’t fall into that trap — security needs to know where the metaphorical ‘crown jewels’ are.”
To address “step one” of data protection, Condrey Corporation develops Galileo™. Galileo inventories Microsoft network file systems and 365 cloud application libraries to deliver the detailed file storage insight you need to optimize and secure your network and Microsoft 365 cloud application storage for efficiency and compliance with privacy regulations.
If step one is gaining insight into your stored data, step two is taking needed action. Senergy™ from Condrey Corporation automatically takes needed action to protect unstructured data containing PII and other confidential information through governance policies that you establish. Through these policies, identified files containing PII can be moved to more secure locations on the network, secured from unauthorized access, archived or deleted, locked down so that NTFS permissions can’t be modified, and more.
Of our hundreds of customers worldwide, all are somehow affected by privacy regulations, and with each, privacy is indeed, “not an option.” That’s why we’ll continue to develop and enhance software products for identifying and securing files, including those containing PII.