Expert insights: How to clean up your data and minimize security risk

Data hygiene is a strategic necessity, driving security, productivity, efficiency, and regulatory and compliance adherence. To understand the importance of implementing a data hygiene strategy, we must first recognize the impact of dirty data.

Duplicate information and inaccuracies cost companies, from lowering overall revenue and wasting potential selling time following bad data, to heightening security risks. Poor data in financial reporting can lead to inaccurate and misleading financial reports. And bad supply chain data affects automation if those process decisions are based on unreliable location information.

“With the exponential proliferation in the amount of data created across increasingly disparate and decentralized environments, the cost of not understanding how data is created, where it resides, and most importantly the contextual value of this data has become a significant security risk,” said Marc Yoder, SHI Field Chief Information Security Officer.

As our experts gear up for SHI’s 2023 Roadshow, Marc Yoder, SHI Lead Field Chief Technology Officer Russ Cantwell, and SHI Field Chief Information Security Officer Scott Mahoney took some time to discuss the ins and outs of data hygiene.

What is the importance of data hygiene?

Scott Mahoney: A data strategy program is essential to your overall technology and security program, and it’s comprehensive, spreading across the entire ecosystem. How you secure things drives how you automate and modernize.

Marc Yoder: If you continue to create data without any data hygiene or eliminate this data on the back end, you end up with a data landfill or cyber landfill.

Russ Cantwell: We’ve arrived at the garbage island of our data practices.

MY: We have a client in the quick service restaurant (QSR) industry with over 20,000 employees. They have an attrition rate of 120% – that’s a real number because many of their employees don’t last a quarter. And when these employees come on board, they have a login and password with access to data through their portal.

Imagine trying to onboard and then offboard on the backend, and when they leave or were just disabled, they come back a month later. You have to keep it because a lot of these employees come back.

What do you do with that data? You’re talking about literally hundreds of thousands of user logins and whatever data that they’ve created is hanging around out there somewhere. Does it have business value? Is it worth the risk of having that data hanging out there? The 16-year-old that worked for 30 days, their personal data is out there forever on your systems. And if it’s not handled appropriately, now you’ve got massive data that has no business value but has a significant risk.

What would you recommend to a customer looking to create or enhance their data hygiene strategy?

SM: One of the key takeaways are the five components of data governance which we’ll cover in the Roadshow presentation. Before you invest in tools and processes to improve your data hygiene, it’s essential to establish a baseline.

RC: These are pillars or principles of design we found make sense through working in data governance. So, creating a guiding principles-based process is really what we would recommend.

Source: Fortinet

Are there ways to mitigate the costs of poor data management?

SM: I would say reduce the amount of data. So, you constantly need to scrub, but you need to have retention policies in place.

RC: Yes, actually having a retention policy and not just keeping everything forever, which is the default human way of doing things.

MY: The issue is storage is cheap, but risk is not. I think the thought is people just will continue to back up because storage is cheap, but the associated risk with that method is significant.

“Storage is cheap, but risk is not.”

RC: There’s also been a severe skill shortage in deriving value from data. So, you take that skill shortage. You not only have security risks and vulnerability. The reality is if you’re trying to do something with data, you need to have the skills to do it. That has been a relatively new area that people have explored.

Where do we go from here, and how do you limit exposure? We adopt platforms that obscure some of that to make it more simplistic. I’ll talk more about the skills shortage and what we’re seeing around platform adoption, and how we can help with some of our security practices built in.

What do you hope the audience will take away from listening to your Roadshow session?

RC: We have several offerings, but the one that I explicitly direct customers to is our data strategy workshop. Working with the actual data and deriving insights and value is a good place to start regardless of your end goal.

No matter where you are in this journey, you aren’t alone. We hope you walk away knowing that SHI can help you level set and drive forward with confidence.

Next steps

To hear more from our security subject matter experts and partners, secure your seat at our 2023 Roadshow to solve what’s next in cybersecurity. Join us to learn about the latest updates in data hygiene, DevSecOps, cyber visibility, and identity and access management (IAM). With actionable advice, expert-led keynote sessions, stadium tours, and sports celebrity meet and greets, you don’t want to miss this immersive experience.