Select Page

Data protection – They can’t steal what doesn’t exist (anymore)

Author: Tim Steele

Corporate data, already incredibly valuable, is growing by as much as 60% per year. So how do you go about ensuring your data is protected?

Deletion of data can be one of the key components, according to a recent article in CIO. You may be wondering, “How can I protect data by deleting it?” Well, there is good reason.

CIO explains the approach and offers several critical pieces of advice in the article, Data deletion: Your data strategy’s greatest defense:

Don’t collect what isn’t needed

It sounds obvious, right? But, it is a process many companies cannot seem to implement. Your data protection strategy can and should begin simply with one collection practice: do not collect what you do not need.

Why avoid unnecessary data? First and foremost, there is a cost to store and maintain all data, regardless of whether it is useful to an organization. So it is a waste of resources to hold onto that which is not needed—and it is estimated that about one-third of an organization’s data is considered redundant, obsolete and trivial (ROT).

Next, data that is useless is not harmless.

The costs of keeping data are higher than you think, and the benefits are lower. There is a chance it will be useful and contribute to analysis. There is a chance it will be harmful — like being lost in a breach or subpoenaed in a lawsuit. The chance it will be useful goes down over time, but the harm value stays the same. If you lose the address somebody lived at five years ago, the EU (European Union) doesn’t care that it was inaccurate data that you didn’t want and wasn’t helping your business; losing it is still losing it. At some point, those lines cross. You should toss data before they cross.

Jon Callas – Senior Technology Fellow at the ACLU

At Heureka, one of the main questions we pose to our clients is, “do you think your organization is spending too much time and money protecting data that is meaningless?” How would your organization answer that question today?

High-risk data

So, what data is your organization storing that you would be better off without? The analysis should begin with knowing what types of data your organization has that may pose the greatest risk. Generally, it is that with little or no business value. CIO provides several pointers:

  • Ex-employee and ex-customer data, along with financial records, are considered high risk because they can contain personally identifiable information (PII). Last year, the number of consumer records exposed that contained PII increased by a staggering 126%, according to a report from the Identity Theft Resource Center.
  • Organizations are asking for trouble if they are storing passwords in plain text, meaning they are not encrypted.
  • Delete data associated with systems that are no longer in use, such as old websites.
  • Be aware of customer databases that have been extracted, such as in XLS or CSV files, that are used by developers for testing.

This approach (data hygiene) is absolutely central to our mission at Heureka. We help organizations plan and implement initiatives to clean up unnecessary information by removing that which falls outside the scope of data retention policies.

Delete rather than de-identify

The CIO article notes that data should only be kept for current business reasons. Deleting is the best solution because, even if the data has been “de-identified,” enough data points can be gathered and combined to actually identify individuals. Hoarding data can negatively impact the strategy around truly useful data.

Having a whole bunch of essentially useless information can make it harder to analyze useful data by increasing the amount of time people spend building and testing models. To solve this problem, enterprises should be aggressive in judging the value that information brings, and test that data to see if it has predictive value.

Blair Hanley Frank, Principal Analyst at ISG, to CIO

Don’t ask, ‘Why should I throw this data away?’ Ask, ‘Why should I keep it?’ Unless you know why you want to keep data, you should be getting rid of it because we live in a world in which collecting more data—which is fresher—is relatively cheap.”

Jon Callas, Senior Technology Fellow at the ACLU, to CIO

At Heureka, we outline the process this way: 1. Identify data 2. Tag or classify data (automatically or manually) 3. Remediate data (move it offline, quarantine or delete outright). It sounds simple enough, right? Surprisingly, this process has traditionally been extremely difficult to control when it comes to unstructured data because there were very few tools that could index and classify information in an efficient and cost effective manner.

Companies are now experiencing their “Heureka Moment” after installing Heureka’s endpoint indexing service and begin to untangle the web of unstructured, dark data and expose risk hiding within stored files.

Conclusion – Data Protection

Data is considered the oil of the modern economy, but it is of no use—or even downright dangerous, like uranium—if not handled properly.

Incredible amounts of data are hiding within organizations and serving no business value. Making matters worse, the data that is actually important is at risk of getting lost in the shuffle.

Heureka was developed to specifically address the increasing necessity to gain control of and insight into critical, unstructured data that is both a value and a risk, and to improve upon the economics of a resource-intensive process to manage that data.

Unstructured data has become one of the greatest risks in the corporate world. Organizations who fail to act on their unstructured data have the potential for significant fines and regulatory action. Heureka helps companies plan, inventory and remediate files before they become a problem, empowering clients to gain understanding and take control of their unstructured data.

With the proper tools and expertise—and by deleting what is not needed—organizations can improve overall data handling and protection practices.

Visit for more information.