Data hoarding is widely recognised as a damaging activity in our day to day lives, with TV shows such as The Hoarder Next Door helping us appreciate how an unwillingness to throw anything away can quickly have negative effects.
However, I have come across organisations, all across that world, that are guilty of digital hoarding in one form or another, where they are clinging on to data well beyond the point that its continued storage is necessary or even beneficial. Even though these data stores aren’t as visible as piles of rubbish it doesn’t make the practice of keeping hold of them any less destructive. After all, if you don’t know exactly what you have or where it is stored, how are you ever going to know how best to manage and protect it?
You could perhaps be forgiven for thinking that as the cost per TB of cloud storage gets cheaper, that it would be ok to let your data stores continue to grow. You might think it wise to keep hold of it “just in case” it one day becomes useful. However, the storage costs and risks of a potential data breach often outweigh the benefits of keeping hold of this data.
If we forget the security implications for one minute, have you ever thought to consider how the cost of data storage compounds each year? According to the Veritas Global Databerg Report, just 15 percent of the average company’s data is business-critical, a third is redundant, obsolete or trivial and another 52 percent is unclassified (dark) data. This leaves a huge amount of data that could – and should – be erased.
So as to make it easier to understand what this looks like, we created our Data Storage vs Data Erasure ROI Calculator. The calculator allows you to enter your own figures which will quickly give you an understanding of how much you’re spending in order to store non-critical business data and how those costs compound each year.
It’s not just data hoarding that’s an issue
Making your data more visible reduces risk through easier monitoring. The more data you hold, the greater the consequence should you fall victim to a data breach. Besides, if you don’t have a full understanding of the data you’re holding, it’s all but impossible to fully understand the scale of the problem or how many people might have been affected.
Once a data breach has occurred, no executive would want to have to explain to their staff, customers as well as the mainstream media that they had no idea what information was taken or how many customers were likely to be affected. Yet, by failing to challenge this data hoarding mentality within their organisation, this is exactly the risk that the majority expose themselves to on a regular basis.
One of the most high-profile examples of this is Yahoo!, which had to triple its estimate of the number of users affected by a historic data breach from 1 billion to 3 billion. This discrepancy shows just how little oversight it must have had into the information held on its servers.
Will EU GDPR transform business thinking?
With any luck, the incoming EU GDPR regulations will be the shot in the arm organisations need to address their data hoarding addiction once and for all. After all, how can a ‘Right to be Forgotten’ request be carried out within an organisation that doesn’t know the data it has or where it lives?
In order to fully prepare your organisation, the first thing you need to do is classify the data that already exists. Once this has happened you can start thinking in terms of data lifecycle management, or the comprehensive approach to managing the flow of information system’s data and associated metadata from creation and initial storage, all the way through to the point it becomes obsolete and is destroyed.
It is also important that companies know how much they’re currently spending on data storage, including both soft and hidden costs. Only once you know how much money you’re spending on storing unnecessary data, will you be able to see where you could save money by erasing that data. When that’s done, you can create processes for classifying and erasing unneeded data and regularly monitor your data management processes. That way, data can start to be routinely erased whenever its value is less than the liability, when customers demand it (when closing accounts, for example), or when it is required for regulatory compliance.
Effective standards for data erasure contribute to overall data hygiene by ensuring that data is destroyed when it reaches the end of its retention date, is no longer necessary or isn’t adding value to the business. This factor is essential in preventing unauthorised access, whether through a security breach or inadvertent disclosure.
While it’s remarkable to hear about the mitigated security risks and the adherence to compliance organisations have achieved through data erasure, it’s far more fascinating when companies can see the impact data erasure can have on their data storage costs compounded over time. Suddenly, data erasure becomes a critical data security solution that not only minimises exposure to data loss and ensures regulatory compliance, but also delivers an improved bottom line.