Tech Talk: Spirion + Microsoft Purview Information Protection 10/17, 2:00 PM EDT Register Here

Close

Remote work and data protection: How data governance teams can get control over an ever-expanding IT frontier

The explosion of remote work during the COVID pandemic exacerbated an already existing headache for company IT departments: how to ensure that sensitive data is properly collected, stored and operationalized in accordance with regulatory standards and owner preferences.

The reality of some 44% of workers operating from home for five or more days a week – compared with 17% pre-pandemic – massively expanded the perimeter to be safeguarded by IT and governance teams. And as more and more strategic data took up residence in hostile, unmanaged territory out of enterprise control, the risks to data security and privacy increased exponentially.

Even as life returns to normal, it is expected that up to 25% of the US workforce will continue indefinitely to work outside of the office. Combined with this, rising concerns over data privacy have led to a proliferation of data protection standards which demand stringent compliance.

The increasing complexity of data management

There are two factors driving the increasing complexity of data management. One is the sheer increase in the volume and velocity of data creation, which makes it harder to identify and mitigate the sensitive data. The other factor, also linked to growth in data volume and velocity, is the challenge the data explosion poses for compliance. Addressing the requirements of all the various standards for collection, storage, and use can no longer be done manually and must rely on an automated DLC solution.

Endpoint whitepaper

Data volumes.

Contrary to some expectations that work-from-home policies would gradually become a thing of the past, research reveals that up to 25% of employees around the world will continue indefinitely to work outside of the office or at best in a hybrid capacity.

This means that far from decreasing, the sheer volume of data circulating outside of enterprise boundaries will only increase. Given estimates that around 18% of the files to which a single employee has access contain sensitive data, it can realistically be assumed that every person leaving the safety of the corporate IT umbrella is doing so with 313.83336 million MB of sensitive data in tow.

Bearing in mind that the Fortune 500 companies which, together represent two-thirds of the U.S. GDP, currently employ 28.7 million people worldwide, each of whom has access to an average of 17 million files of 102.56 MB in size on average, it is thus reasonable to expect that businesses will be called on to protect up to 2.2 terabytes of sensitive data – much of it unstructured and difficult to discover and manage – at any one time.

Data governance standards.

In response to rising concerns over data privacy, regulatory agreements have been established at state, national, and global levels to facilitate the protection of sensitive information. Such standards include HIPAA, GDPR, PCI, and California Data Protection and each has its own requirements for compliance, failure to meet which can result in punitive fines and fees, as well as legal liability for companies and organizations.

This means that as well as being able to keep track of sensitive data, companies must have the data classification capabilities which enable them to dynamically tag data as it’s added, moved, copied or altered, and protect it in terms of how and by whom it can be accessed or used in compliance with regulatory standards.

In practice, many organizations are not able to catalog every byte of data in an environment spread over platforms, applications, devices, and machines situated beyond the reach of legacy classification tools. Such tools in any case typically have limited capabilities and rely heavily on onerous and time-consuming manual data management operations.

The solution

In the current environment, any organization seeking an effective and integrated approach to data management will have the following key requirements:

  • The ability to discover data online and offline
    Whether data is online or offline, companies need to be able to quickly, accurately, and reliably discover it regardless of the platform, operating system, or application in which it resides.
  • The ability to classify data to comply with industry and regulatory standards
    Businesses must be able to classify data automatically using tools which are independent of specific vendors and operating systems and which keep pace with ongoing changes and updates to data governance compliance regulations.
  • The ability to apply data governance policies across operating systems
    Rather than attempting to protect sensitive data at the device level — a futile exercise for most teams — businesses need to use tools capable of applying data governance policies across operating systems like Windows, Linus, and macOS on which personal and business-owned devices run.

While the possibility to work remotely has been welcomed by the majority of the workforce, such an arrangement causes major consternation for IT and governance teams tasked with managing ever larger volumes of sensitive data spread across a multitude of devices, systems, and platforms.

Effectively managing and protecting a rapidly growing volume of sensitive data requires an automated data lifecycle management solution which provides end-to-end coverage for teams regardless of where they or their data reside.

Want to dig deeper?

To learn how the Spirion Sensitive Data Platform enables enterprises reliably, automatically, and continuously to discover, classify, and protect sensitive data wherever it resides, download our white paper “Controlling the ever-expanding IT Frontier.”

Access content