Ian Wood at Veritas Technologies explains why the vast amount of untagged and unclassified data that organisations hold is a major security risk
The amount of data being created is increasing every day. Figures from 2020 estimate that, on average, each person creates 2.5 quintillion bytes of data a day. Many of us wouldn’t even know how many zeroes are in a quintillion, let alone what 2.5 quintillion bytes of data looks like.
While this comes with many benefits, such as better insights into customer trends, the increasing volume of data is also a huge challenge for businesses. It’s no good gathering and storing vast amounts of data if the business doesn’t have visibility into what it is, what value it holds, where it sits or who has access to it.
We call this ‘dark data’ – it is essentially data that is unclassified or untagged. And, while fear of the dark is often associated with childhood, dark data should be a legitimate concern for businesses.
Businesses that want to reduce their environmental impact, avoid regulatory fines, and protect themselves from the ever-growing risk of ransomware need to bring their dark data into the light.
Data in the dark
According to Veritas research, on average, 35% of the data that global organisations are storing is “dark” – that is to say, they don’t know what it is – and that a further 50% is Redundant, Obsolete or Trivial (ROT).
Analysts predict the amount of data stored globally will grow from 33ZB in 2018 to 175ZB by 2025. This means that, unless businesses change their habits, there could be more than 61ZB of dark data and more 87ZB of ROT data in four years’ time.
The masses of dark and ROT data being stored suggests that business data is either being under-utilised or stored unnecessarily. Either way, organisations are not getting full value from their data, and this could ultimately harm their bottom line. But the damage goes beyond just a business’ profits.
Dark data is also having a detrimental impact on the environment. Previous research from Veritas found that as much as 6.4m tons of CO2 was unnecessarily pumped into the atmosphere last year as a result of powering storage of this kind of data.
Despite this, most UK organisations rank environmental sustainability as a higher priority than innovation, customer experience, and even staff wellbeing. And, although 91% of businesses said they would be likely to change how they identify, manage, and delete non-relevant data if that would help reduce their environmental impact, almost all admitted they have not completed a review of emissions produced by their IT department.
While the financial cost of dark data is regularly discussed, the environmental cost is often overlooked. For businesses looking to reduce the carbon emissions produced by their IT departments, dark data is a great place to start.
A security scare
Aside from incurring unnecessary costs and significant energy consumption, storing dark data also increases the risk of falling victim to ransomware attacks.
The COVID-19 pandemic and the subsequent shift to working from home has meant that last year, ransomware attacks increased 150% over the previous year. The amount paid by victims of these attacks also increased more than 300% in 2020, and we’ve seen how large-scale attacks such as the ones on Colonial Pipeline, JBS and HSE not only impacted the businesses themselves, but also the general public and the economy.
As data becomes more dispersed, and as cyber-criminals fine tune their approaches, preventing such attacks can be near impossible at the best of times. But housing dark data creates a significant window of opportunity for hackers as well as a huge compliance risk. If you don’t know what data you have, how can you possibly protect it?
Flipping the switch
In order to get their house in order, businesses should first carry out a full assessment of the data that they have. Only once they have this can they build a plan for what data needs to be protected, where it needs to be stored and how it needs to be handled.
Once companies have visibility of all their data, they can then begin taking control of data-associated risks and making educated decisions over which data can be deleted with confidence. This will not only help in creating a safer, more compliant environment but it will also help to reduce unnecessary storage costs and the organisation’s carbon footprint.
This data visibility will also help businesses build a robust and automated backup plan that includes optimising business continuity and disaster recovery processes to protect and encrypt mission-critical data that needs to be kept secure. Isolating and encrypting backups, holding multiple copies, and frequent testing for vulnerabilities will help businesses build resiliency against attackers and remain on the right side of data protection regulations.
Fear of the unknown
Dark data can be daunting for businesses. While reviewing all of a companies’ data and managing it on an ongoing basis may seem like a tall task, it’s one that will offer many benefits once completed and maintained. In a world that it is totally reliant on data, the businesses that have the competitive advantage will be the ones who aren’t afraid to tackle the unknown.
Putting the procedures in place now will protect an organisation in the long run – no matter how much data we produce in the future.
Ian Wood is Head of Technology UK&I at Veritas Technologies
Main image courtesy of iStockPhoto.com