What are companies doing with their sensitive data?

All too often, we don’t actually get a look into how companies store and organize their data until there’s a high-profile breach that comes to light. A recent study looks to shed some light on how this crucial IT practice is handled. 

There was a time not too long ago when storing data was essentially the same, regardless of the type. It was kept on-site in proprietary servers.

But these days, obviously, things have changed thanks to the cloud and various developments in storage. And now it’s more important than ever that data is stored responsibly.

Classifying and storing data

Hanging onto data is easier than ever, and many organizations are taking advantage of that for analytics purposes.

But many are also hanging onto that data with less well-defined goals, taking the approach of keeping it as long as they can in case it someday proves useful.

Data stored indefinitely is a risky proposition. While it may someday be useful to you, it’s almost certainly useful to hackers and malicious insiders. According to a Protiviti survey on data security, a third (33%) of organizations don’t have a clear classification system or policies for categorizing data’s sensitivity.

And many don’t see the need for removing data they aren’t using. Other findings included:

  • 17% of organizations save all data and records with no set destruction date
  • 43% retain all data with a pre-determined destruction date
  • 18% have basic classification guidelines with few specific retention and destruction policies
  • 15% have detailed classification policies with defined destruction and retention, and
  • 5% have no data destruction or retention policies at all.

And 20% of those organizations reported that their C-level executives have limited or no knowledge of data retention and destruction policies.

Where’s it all going?

Just as important as where this data is kept is how it’s stored. The survey reveals that companies store their most sensitive data:

  • on-site servers (66%)
  • off-site servers (18%)
  • with a cloud-based vendor (8%), and
  • not in a centralized location/don’t know (8%).

It would seem that companies that are categorizing their most sensitive data don’t trust it to outside providers.

Analysis: Have a plan

One of the most crucial ways to protect data is to know what you have and where it is. It sounds basic, but this is a step that’s missed far too often.

Data breaches aren’t always high-value targets that are sought after. It’s the stuff that gets stored away and forgotten about until it’s pulled by a hacker who found it by chance.

If nothing else, it’s important to have a general idea of what you will be keeping, where you’ll store it and for how long. Deleting data forever might seem like a risk, but in the long run hanging onto it without any definite plans is much more likely to be regrettable.


Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy