Académique Documents
Professionnel Documents
Culture Documents
Executive Summary
Companies of all kind and size are now faced with the responsibility of
securing access to sensitive data to prevent data breaches. With the
continued explosion of unstructured data, organizations are now forced to
secure access to files in multiple locations, user-controlled shares, and on
distributed devices. Failure to lock down sensitive information can lead to:
With up to 80% of data residing on file servers, this whitepaper will focus on
the largest percentage of sensitive files (unstructured data). This whitepaper
will explore the risk, consequences, best practices and suggestions on how to
secure unstructured data.
In a 2009 Ponemon Institute study entitled “Fifth Annual U.S. Cost of Data
Breach Study”citing breaches with about 5,000 to about 101,000 lost or stolen
customer records, the most expensive data breach cost nearly $31 million to
resolve, and the least expensive cost $750,000.
2. Effective access rights are not managed in one system - The file
system with the ACLs (Access control lists) and directory services (e.g
Active Directory) with objects and ACLs are two distinct, hierarchical
structures. The file server calculates effective access rights, but the end-
user has no visibility into this behind the scenes process.
In a recent survey that included 890 companies of various sizes, when asked
about their level of data security, over 90% of organizations reported having a
formal data governance policy and operate under the belief that it is being
enforced.
vulnerabilities +,-'%
Data Encryption
The 3rd method is to actually encrypt the data at rest. The problem with this approach is
that itʼs invasive to the environment and complicates IT operations such as backup,
recovery and business continuity. Furthermore, data encryption works best on end-point
devices, however when it comes to encrypting data at-rest residing on centralized file
servers and NAS devices, todayʼs solutions are expensive, fragmented and complex to
manage, and as such have seen very low rates of adoption in the industry.
It remains that - for most organizations - the most cost effective data protection can be
realized by employing the first two methods, namely Physical Access Controls and
Network Data Access Controls.
In order to get started, the IT Organization must understand what sensitive data they have,
what’s exposed, and which users and groups have access to it.
Aprigo NINJA provides detailed analytics on the folders & files affected by these
vulnerabilities so that they can be remediated and IT can employ a “least-privileged”
access policy.
A close feedback loop is critical to the practice of securing access to sensitive data.
since access rights to files & folders are continuously being created and modified,
new data files and folders are created, copied and changed, A change report
monitoring changes over time is critical in ensuring the proper security of
unstructured data.
Aprigo has developed a first of its kind suite of unified data governance applications
delivered in an easy-to-use SaaS model. The benefits provided are: