Five Data Protection Challenges and Suggested Solutions
Data protection isn’t easy. Given the exponential growth of data, continually changing security threats, increasing regulations, and other factors, the task can seem downright impossible.
The key is to understand the challenges of data protection and make use of the available knowledge and technologies to overcome them. The following are five common challenges and how you can address them.
Challenge 1: Data Growth
It’s estimated that the amount of data that exists today is in the zettabytes. Just one zettabyte is equal to one sextillion bytes. (There are 21 zeros in that!) Given all the data continually generated by social media, Internet of Things (IoT) devices, sensors, and more, the amount of data is only going to get bigger.
Much of that data is unstructured, which means it’s not arranged according to a pre-set data model or schema. Existing as text, video, audio, emails, web server logs, and other content types, it doesn’t fit neatly into relational databases that make its organization and use relatively easy.
Among the issues with all this unstructured data is that organizations don’t know what they have, what it’s for, where it exists, or whether it’s adequately protected. Much of it could be ROT data (redundant, obsolete, or trivial) that is taking up expensive storage space, getting needlessly backed up (contributing to even more data), and at risk of compromise.
What to do: Get to know your data. Invest in technologies that can help you locate and identify the data within your organization wherever it exists, even across data silos and storage systems. You can’t protect what you don’t know you have — and you don’t want to waste resources protecting and storing data that has no value.
You do want to ensure that any sensitive data isn’t left vulnerable. This leads to the next data protection challenge: data lifecycle management.
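A first-pass ROT inventory of the kind described under Challenge 1 can be scripted. The following is an added example, not code from the original article: the three-year obsolescence threshold, the "trivial" suffix list, and the function names are all assumptions to adjust to your own retention policy.

```python
import hashlib
import os
import tempfile
import time
from collections import defaultdict

OBSOLETE_AFTER_DAYS = 3 * 365        # assumed retention threshold
TRIVIAL_SUFFIXES = (".tmp", ".bak")  # assumed "trivial" file types

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # chunked read
            digest.update(block)
    return digest.hexdigest()

def classify_rot(root, now=None):  # returns {relative_path: label}
    cutoff = (now or time.time()) - OBSOLETE_AFTER_DAYS * 86400
    report, by_hash = {}, defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the scanned tree
            rel, st = os.path.relpath(path, root), os.stat(path)
            if st.st_size == 0 or name.lower().endswith(TRIVIAL_SUFFIXES):
                report[rel] = "trivial"
            elif st.st_mtime < cutoff:
                report[rel] = "obsolete"
            else:
                report[rel] = "keep"
                by_hash[sha256_of(path)].append(rel)
    for paths in by_hash.values():
        for dup in sorted(paths)[1:]:  # keep the first copy, flag the rest
            report[dup] = "redundant"
    return report

def build_sample_tree(root):  # constructed sample data for the demo
    files = {"q1.csv": b"a,b\n1,2\n", "q1_copy.csv": b"a,b\n1,2\n",
             "plan_2019.doc": b"old plan", "scratch.tmp": b"x", "empty.txt": b""}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    stale = time.time() - 4 * 365 * 86400
    os.utime(os.path.join(root, "plan_2019.doc"), (stale, stale))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(sorted(classify_rot(tmp).items()))
```

The report only labels files. Anything flagged should go through the deletion and archive policies covered under Challenge 2 rather than being removed by the script.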
Challenge 2: Data Lifecycle Stages
Data is created, gathered, processed, analyzed, often shared, almost always stored for varying periods of time, and sometimes purposely deleted. Each stage has its own considerations, including the level of protection that’s needed. For example, sensitive data, like personal, financial, or proprietary information, may require specific handling to meet regulatory requirements and other mandates. Other issues could include access, permissions, how long to keep data, where to keep it, and if it needs to be destroyed.
What to do: Implement a data lifecycle management strategy that uses best practices to protect, preserve, and manage data across the enterprise at all stages. Take advantage of automation when possible to streamline efforts and minimize potential issues due to human error. Recommended best practices include the following:
- Clearly define data types.
- Create a file naming process.
- Implement a means of identifying sensitive or other high-value data, assessing how critical it is to your business, determining if it’s subject to regulatory requirements or industry standards, evaluating its potential risks and vulnerabilities, and putting a tested data protection plan in place.
- Include thorough data governance policies that cover what should be done with data in specific situations and give administrators the tools to ensure adherence to these policies.
- Make sure you have a clear data custody plan that clarifies privacy and security expectations all along the data’s journey to minimize risk.
- Create a data storage and archive policy. Use automated solutions that organize data into separate storage tiers according to specified policies, and migrate data from one tier to another based on those criteria.
- Set data deletion/destruction policies.
- Implement a reliable, tested backup plan.
- Use the above-mentioned steps to create a comprehensive data lifecycle management plan. Design it with the capacity to iterate and adapt to new circumstances. Frequently review and update it.
Challenge 3: The Human Factor
Among the biggest threats to data are those initiated by humans. Sometimes it’s a matter of negligence or a lack of awareness on the part of employees. They may use weak passwords, accidentally delete data, or fall for phishing scams. Other times, data breaches result from malicious behavior by disgruntled employees. However, a majority of breaches are perpetrated by cybercriminals and others trying to take advantage of IT system vulnerabilities and unprotected data for financial gain or to cause damage.
What to do: Implement a multi-layered IT security plan, which also encompasses cybersecurity, to address the broad range of human factors that could result in breaches. Recommended components should include:
- Frequent, continually updated security awareness and training for employees, vendors, and anyone else who requires access to your IT systems
- A fundamental information security infrastructure, including firewalls, intrusion detection and prevention systems, endpoint protection, anti-malware and anti-virus protection, and vulnerability management or threat management systems. (Note: Go with the most up-to-date technologies and tools in these categories.)
- Advanced security analytics tools for monitoring and threat protection. Consider those that make use of leading-edge technologies like AI and machine learning.
- DLP-specific tools that block attempts to copy or transmit sensitive data to an unauthorized location, intentionally or unintentionally
- The principle of least privilege (enforced), which grants users only the minimum level of access they need to perform their tasks.
Challenge 4: Physical Security
With more people working at home or in other non-company settings, physical security issues can present data protection challenges on multiple fronts. Remote work means the physical security perimeter is expanded.
You have to rely on employees working remotely to secure their devices, not lose them, not allow family and friends to access their systems (and the data they hold), and always employ strong data privacy and security practices.
There’s also the issue of empty or mostly empty offices that aren’t properly secured and monitored in terms of who is accessing them — and why. This can lead to the theft of IT devices containing data.
What to do: Make sure computers and other devices in company offices that aren’t currently in use are secured or removed for safekeeping. Limit access to company offices only to those who have a valid reason for being there. Make use of access cards or other means to track who is accessing these spaces.
Create and enforce strong remote work and BYOD policies. Integrate this information in employee training and communicate it frequently. Provide employees who work remotely with the appropriate resources and technologies to protect their devices and data. Instruct them to:
- Use strong passwords and multi-factor authentication.
- Use a VPN.
- Avoid accessing public WiFi.
- Back up data.
Other recommendations: enforce zero trust network access (ZTNA) and implement end-to-end data encryption.
Challenge 5: Ever-Increasing Rules and Regulations
Many government entities (states and countries) are enacting their own data protection and privacy legislation. While the regulations are similar, there are challenges in terms of keeping up with what each requires, as well as the “when” and “how.”
In 2023, eight US states passed data privacy legislation: Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee and Texas. Hawaii, Kentucky, New York, and Oklahoma all had comprehensive privacy bills clear one legislative chamber in 2023. Prior to 2023, California, Colorado, Connecticut, Utah, and Virginia had already enacted comprehensive consumer privacy laws.
Of course, there’s also the General Data Protection Regulation (GDPR) to consider. Though drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere if they target or collect data related to people in the EU.
What to do: Know what the regulations, rules, laws, mandates, and industry standards are that apply to your organization and how it handles data. To be safe, enlist the help of professionals trained in data protection/data privacy compliance matters.
This may entail hiring a data security or privacy attorney, a privacy consultant, or even an in-house, full-time privacy or compliance manager to analyze applicable laws and provide suggested actions for staying compliant.
Learn More
An additional recommendation for dealing with data protection challenges is to lean on your cloud services or managed services provider. They may be able to help you devise and implement data protection strategies, including backup and disaster protection. US Signal offers a variety of options to consider, as well as data protection resources to help increase your overall knowledge on the subject.