Varonis, leading data governance software provider, says Telstra episode illustrates need for all organizations to know where their data is and who has access to it
“The problem of securing and protecting human-generated data is much bigger than people realize. Customer information has a tendency to find its way into spreadsheets. When spreadsheets are archived, or similarly stored in an unstructured file format, they are not easily trackable.” -- David Gibson, Varonis VP
Commenting on the latest data leak of customers’ information from Australian telecoms giant Telstra – with personal details of thousands of customers searchable on the Internet – Varonis says this appears to be an all-too-common case of an organisation losing track of what is happening with all of its data at all times.
According to David Gibson, VP with the data governance software specialist Varonis, “Spreadsheets are used every day to analyze information that’s stored in a database. People export a group of records, and then sort, search, pivot, and analyze. Organizations need to understand where these spreadsheets are stored and what they contain, make sure only the right people have access to them, and monitor who is using them. This is more easily achieved than it has ever been, due to the availability of automation software that identifies sensitive data that is accessible to too many people, audits its use, and flags potential abuse.”
For most companies, about 70% of information is stored in unstructured file formats. Such files can be thought of as the gateway to the brain—they are the first place you record a thought or an idea, and they are the intermediaries between people and databases (you usually export data into a spreadsheet to analyze it).
“Spreadsheets are created constantly by many employees, and often contain high-value information – which is what this latest leak of data from Telstra appears to center around. They are not easily trackable without automation. It’s better to find them and make sure they are protected before they turn up online,” he said.
“In a survey we conducted, we found that senior management in 67% of organisations do not know where all their company data resides. We also found that 74% of organisations reported that they do not have a process for tracking which files have been placed on third-party cloud digital collaboration and storage services,” he added. The survey’s findings are detailed here: http://bit.ly/17yLkgC
In Varonis’ in-depth reports, says Gibson, researchers found that only 39% of organizations use automation to identify sensitive data, and only 9% of respondents’ companies have a process in place for authorising and reviewing access to cloud repositories in place, with another 23% still developing their access policies.
“I’m sure that Telstra has mounted a full investigation into what exactly happened with this latest client data leak. The good news is that the telco quickly took the files offline after being notified. This is a classic lesson to all businesses what can happen when archival data goes AWOL on the Internet,” he added