Over time, email piles up in massive servers, archives, even users desktops and it becomes like a matchbook underneath a child’s bed. Alone, it causes no threat and just sits there, waiting. They can go years and even a lifetime without ever causing a problem.
While no one would leave a matchbook underneath a child’s bed, as it’s completely unfathomable, few think twice about their email servers.
But, why such a visceral reaction to leaving a matchbook in a kid’s room? The matches are not going to burst in to flames, they won’t just spark old comic books and baseball cards, and matches are not the easiest thing to start – even as an adult. We take precautions because of what could happen if those matches got into the wrong little hands.
So why do we just hoard email on servers, desktops and even on legacy backup tapes when there are harmful matches among them? Within the millions of email are Social Security numbers, contracts, legal documents, regulatory compliance papers and emails that can no longer be properly interpreted. Like the matchbook, this dark data just sits there. They don’t just expose themselves, they don’t just jump through firewalls and they aren’t just going to send themselves.
Yet, all it takes is one set of wrong hands and a fire can quickly develop. Thieves search for personally identifiable information that can cause loss of customers, FTC interference and identity theft. Legal and regulatory documents can’t be found or end up in the wrong hand causing fines and penalties. Plus, don’t forget all the money needed to repair and upgrade fire walls and pay legal fees associated with breaches.
Just like a parent sets the rules, compliance, legal, IT, records managers or another guardian needs to set policies surrounding emails. Retention policies, containing both archiving and deletion policies, should be in place to govern data. One leading analyst group recently estimated that less than one percent of companies actively have and enforce an information governance policy.
Much of this goes back to the tools – how do you set policy around data when you don’t know what exists or where? It’s near impossible to understand unstructured data and uncover all those pesky, hidden PST files. But now the technology exists in the form of unstructured data profiling.
Data profiling, sometimes called file analysis, is a process where all forms of unstructured files and email are analyzed and the user is provided a searchable ‘map’ and comprehensive summary reports of the metadata including type of information that exists, where it is located, who owns it, if its redundant, and when it was last accessed.
Optionally data profiling can look beyond metadata and go deep within documents and email for content supporting eDiscovery keyword searches or even personally identifiable information (PII) audits for sensitive content such as Social Security or credit card numbers.
Not only does the technology exist, but it exists at a price point that makes it affordable to deploy, leaving no room for excuses why the matches in the email server and hoping the wrong pair of hands doesn’t find it. Even for those that don’t want to throw out or move the matches – it’s imperative that you at least know the matches are there so they aren’t left next to the comic books.
Unfortunately, many won’t find the motivation to find, expose and isolate the matches until after a breach, but those that see the proactive importance of simply knowing what data is being stored, visit http://www.indexengines.com/solution-data-profiling-assessment.html or contact firstname.lastname@example.org