Why End User data is more Critical than you may think
So, what do we mean by end-user data? Think of it as all of an organization’s data that is not residing on their central file or DB servers. This includes data on all desktops, laptops, mobile devices and even SaaS applications. By even conservative estimates, this accounts for two-thirds or more of a company’s total data asset.
For decades IT organizations have worked hard to protect business data on server repositories and/or databases. It was widely believed that’s where the company’s ‘crown jewels’ resided. End user data was at best a step-child that merited little if any attention. Even today, it is common for organizations to admit that they don’t really have a strategy for end user data protection. The paradigm of “if it’s important they’ll keep it on the Server”, or “it’s their data – their responsibility” is still rife.
A few things are changing that. From my conversations – I see these as the main drivers:
One thing is clear. We are going to see only more regulation going forward – not less. Regulations like HIPAA in the US have mainly been designed to make organizations responsible and accountable for the customer data they store. The latest regulatory law in the EU that will take effect in May of 2018 (GDPR) takes this to a whole new level with severe penalties should an organization lose sensitive data belonging to customers. Several other nations in Asia have enacted (or are in the process of enacting) laws that mirror GDPR. When organizations are held responsible for data loss, the attitudes around end-user data automatically change – because when an employee loses data, the company still has to pay the price.
There was a time, not very long ago – when everything important happened only in the office. Users came in to work, logged in, accessed data on servers, did work, logged out and went home. A Corporate IT team with good network monitoring tools had a lens on pretty much everything that happened with company data and everything was traceable. Two things have disrupted this equilibrium. One is the cloud. The other is mobility. All of a sudden now, many IT teams are finding that their data isn’t on a corporate server – but in a SaaS application sitting in the cloud. And users aren’t working from the office – they’re accessing this data via a mobile device at home or in a hotel room.
So the action has moved away from network monitoring to the Cloud and the Endpoint. IT organizations feel the need to get back ‘in the loop’. They have to know what’s going on with the data. Who’s accessing what and what they’re doing with it.
WannaCry made sure that this (not so) new breed of malware is now practically a household name. Ransomware can have a devastating effect in terms of data loss and practically crippling an organization’s ability to function. And the most common threat vector that ransomware exploits is the end user. Protecting end user data just became a lot more important.
Let’s consider a few important statistics:
- Two Thirds of Enterprise data lies outside the data center on end user devices (like laptops).
- 99% of employees have sensitive data on their laptops and almost a third admit to uploading it to the cloud.
- Only 52% of IT organizations have formal processes for protecting all corporate-owned endpoint devices.
- Unbeknownst to many, SaaS vendors don’t take responsibility for backing up your data – you are responsible for your data backups – even when it is in the cloud.
Protecting end user data has never been more critical. If you don’t have an end user data protection strategy, consider an end-point backup solution. Get one that can use cloud storage for the backup repository. With cloud storage becoming more affordable, this makes total sense. Consider a solution that can ensure security and privacy using techniques like encryption. A solution that does all of the above and also supports SaaS data backup is a sure winner.