Security vendor Symantec’s latest research found nearly half of all business information sits outside corporate firewalls. They’ve dubbed this phenomenon “information sprawl” and recommend five strategies for containing it.
You’re probably aware of the impact mobility (especially BYOD) and cloud computing have on your company’s data. If your employees use mobile devices for work, that’s likely increased the amount of data being stored on smartphones and tablets. And you may already store company data in the cloud, so you don’t have to worry about buying and locating more physical storage in-house.
All this means more and more data sits outside of your control, beyond the protection of your firewall. And that’s what Symantec means by “information sprawl.”
Why you should care about information sprawl
As Symantec points out, information sprawl deserves the attention of IT managers everywhere because of the wide-ranging and often negative effects it can have on businesses, namely:
- Greater exposure to data breaches — It was identified by 25% of the participants in the firm’s 2012 State of Information Report as a “significant factor” in information mishaps, such as exposure of confidential information via the loss or theft of mobile devices (which one-third of the businesses surveyed had experienced).
- More difficulty finding important information — Survey participants said, practically speaking, it just makes it harder to find the information they need to make informed business decisions because a large portion of the company data stored on mobile devices and in the Cloud is unorganized and difficult to locate.
- Low storage utilization — The organizations Symantec surveyed reported low storage utilization rates or inefficient data storage both inside and outside their firewalls — an inefficient and perhaps costly way to do business.
You don’t have to go too far to find an example of the negative effects of information sprawl. Just recently, NASA announced a thief had broken into the locked vehicle of an agency employee and stolen a laptop containing records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors and others.
How to contain information sprawl
Symantec recommends five strategies for dealing with information sprawl:
- Focus on protecting the data, not the device (for example, NASA says it will no longer rely on passwords alone and going forward, all laptops will use whole disk encryption software)
- Separate useless data from valuable business information and design security measures accordingly
- Use deduplication and archiving technologies to manage exponential data growth intelligently
- Create information policies for wherever data is stored — physical, mobile, virtual and cloud environments — and enforce them consistently, and
- Take future storage needs into account when planning infrastructure changes and consider flexible, agile solutions that are scalable.