Unstructured Data Threats and How Top Experts Say You Can Handle It

In the realm of data management, the term “unstructured data” has increasingly become a buzzword. While the data-driven future beckons us with promise, it’s essential to manage the vast amounts of unstructured data effectively and securely. In the latest webinar presented by Juha Sallinen, the founder and manager of GDPR Tech, the complex world of unstructured data took centre stage. Juha was joined by a distinguished panel of Nina Barzey and Petri Aalto who brought different perspectives to the conversation. The webinar discussion was not just about understanding what unstructured data means but also about identifying the potential risks associated with it and how to manage them effectively. Let’s decode the message the panel shared.

Defining Unstructured Data

According to an IDC whitepaper from 2019, it’s anticipated that by 2025, most of the data will be considered unstructured. But what exactly is unstructured data? Unlike structured data, which is organized in rows, columns, and databases, and is easily searchable and protected, unstructured data is quite the opposite. Examples of structured data might be a customer list in a CRM or a well-maintained database of transactions. Unstructured data, on the other hand, can be files, spreadsheets, emails, or even IoT-generated data. It’s not stored in a specific format or location, making it hard to track, manage, and protect.

The Growth and Challenges of Unstructured Data

Each year sees an exponential growth in data, especially with the shift towards cloud storage. However, despite the growth and the evolution of storage mechanisms, much of this data remains unstructured. Alarmingly, it’s estimated that 80-90% of organizational data is unstructured, and about 60% of that is either cold or dark data. This refers to data that’s outdated and should either be deleted, archived, or purged.

Yet, the challenges don’t end there. Many organizations lack clarity on data ownership. The question of “Who owns this piece of data?” often goes unanswered. Without clear ownership, it becomes a challenge to make decisions regarding data retention or protection. And, many a time, sensitive data finds its way into inappropriate storage spaces like public file servers or unprotected SharePoint sites. Compounding these challenges are inconsistent access management processes and the ever-evolving landscape of technology, which often leaves users confused about the correct protocols for storing and sharing data.


Risks of Mismanaged Unstructured Data

In the webinar, Sallinen and the panel pointed out a few glaring issues that arise from mishandling unstructured data:

  • Lack of Data Ownership: Without clear ownership, decision-making becomes a challenge.
  • Inadequate Data Protection: Often, unstructured data isn’t adequately secured, making it accessible to anyone within an organization.
  • Sensitive Data in the Wrong Places: Health data, for instance, might be found in unprotected servers or shared sites.
  • Issues with Identity Access Management: Even if processes are in place, they’re not always followed.

These mishandlings can lead to significant data breaches, with vast amounts of data being lost to third parties. From ACER reporting a loss of 160GB of data to Panasonic admitting a breach due to unauthorized access, the examples are numerous and alarming.

Gaining Control Over Unstructured Data

Addressing these challenges requires a holistic approach. Organizations need to relook at their security and privacy strategies, map out data architecture, and have a clear retention policy. The data access strategy also needs revisiting to ensure that only authorized personnel have access to sensitive data.

One of the primary recommendations from Sallinen is to conduct a data assessment. Understanding where the data resides, its format, ownership, relevance, and legal base is crucial. The age-old data privacy acronym of CIA – Confidentiality, Integrity, and Availability – was reiterated. Data should be confidential, unchanged (maintaining its integrity), and available only to those authorized to access it.

Five-Step Approach to Unstructured Data Management

Based on the studies and GDPR Tech data assessments, approximately 15% of the data has been actively used within the last year. Sallinen’s approach towards addressing the unstructured data challenge can be summarized in a few steps:

  1. End-User Communication: Engage with the end-users, inform them about data assessments, and motivate them for data cleaning.
  2. Fix Access Issues: Remove any blanket access rights, ensuring data is only accessible to relevant users.
  3. Data Governance: Ensure your data governance plans align with the reality on the ground.
  4. Archive or Delete Old Data: Regularly purge outdated data.
  5. Classify Data Content: Understand the nature of data, ensuring compliance with data privacy laws at all levels.

One of the tools Sallinen also mentions is data mapping. By classifying data based on its content and relevance, organizations can pinpoint potential issues and act accordingly. It’s about finding the proverbial “needle in the haystack.”

Effective Management of Unstructured Data for Tomorrow’s Growth

The world of data is vast and constantly evolving. While unstructured data presents significant challenges, with the right strategies and practices in place, organizations can mitigate risks. As Sallinen and the panel put it, it’s about planning, acting, checking, and then repeating the cycle. With diligent management and consistent reviews, unstructured data doesn’t have to be an enigma. Instead, it can be an asset that, when harnessed correctly, can drive value and growth.

The future might be data-driven, but it’s up to organizations today to ensure that this data is managed effectively and securely.

Discover more insights by watching the full webinar. Click here to view it for free!

Dive Deeper and explore “The Future of Unstructured Data: Lessons from the Pegasus Airlines Data Breach” within this webinar series. Click here to read the full article!

Meet the Webinar Panelists

Juha Sallinen: Founder and manager of GDPR Tech, Juha brings to the table a deep understanding of data protection and its real-world applications.

Nina Barzey: Hailing from Sweden, Nina is a seasoned lawyer who spearheads her own advocate bureau. A specialist in data privacy law, she’ll be shedding light on the legal intricacies of our discussion.

Petri Aalto: Based in Finland, Petri is a solution architect with a rich history of crafting and implementing global architectural designs. His vast experience with various global organizations offers a unique perspective on today’s topics.