It’s no secret that unstructured data is causing turmoil in the financial services sector. Both from an insights perspective and a cybersecurity perspective, unstructured data is an untapped, hard to find resource.
Research indicates that more than 80% of new data that is generated is done so in an unstructured format, yet just 1% of that data is analyzed for work purposes.
This explosion of unstructured data has enormous security implications. The FS industry has an extremely high-risk profile compared to sectors such as retail and manufacturing. FS is strictly regulated in terms of data protection with specific laws such as GLBA, COPPA, FACTA and FDIC 370.
Moreover, given the value of the data that FS companies handle, this sector is also a top target for cyber-attackers. In fact, research shows that FS firms faced a 238% increase in cyber attacks last year.
Given that the relationship between FS firms and their customers is implicitly based on trust, a data breach could have disastrous, far-reaching implications. Aside from the immediate cost of paying a compliance fine, a breach could damage customer trust for the long term.
Despite the risks surrounding regulations and cyber-attacks, FS companies can’t afford to fall behind in the digital transformation race. If they do, they’ll lose customers. The challenge, then, is finding a way to classify and secure unstructured data, while revving up digital transformation.
Not only will doing so improve FS companies’ security, but it will empower them to make better, quicker decisions that improve the bottom line. Unstructured data, after all, is rich in insights that are waiting to be discovered.
There are now a wealth of artificial intelligence and data analytics solution that can be used to garner insights from unstructured data. These insights can create a competitive advantage, improve efficiency and uncover previously unseen market insights.
With so much to play for, it’s evident that FS organizations need to create a strategy for managing unstructured data.
Where is unstructured data hiding?
Like all industries, FS has embraced the cloud in order to improve productivity and flexibility. The cloud is a treasure trove of unstructured data: emails, documents, PDFs and so on in shared drives and resources.
Without the right tools, organizations can’t discover, manage and secure this data in these cloud applications. Moreover, shadow IT is a massive problem in this sector, whereby employees use cloud applications that the IT team doesn’t know about. This compounds the unstructured data issue – sensitive data may be sitting completely outside any corporate protections, making it highly vulnerable to leakage or theft.
How can unstructured data cause a data breach?
The issue with unstructured data is that it’s just that: unstructured. While structured data is defined by a schema, or lives in a database, unstructured data could be in any format, making it challenging to classify and manage.
From a governance perspective, this is a huge issue. FS companies are mandated to keep strict control over their data, but this is increasingly challenging with unstructured data in the cloud. Plus, where this is no control and visibility, there is a heightened risk of data theft. If you don’t know where your data is, how can you protect it? Will you even know if it’s been tampered with or stolen?
We must also remember that many FS organizations have taken a lift and shift approach to cloud adoption, migrating to solutions like Google Workspace, Slack and Microsoft Office 365 haphazardly, without adequately sanitizing, managing and classifying unstructured data. Arguably, the cloud is more vulnerable than on-premises servers if configured poorly.
With unstructured data potentially exposed to the internet, this paradigm is a data breach waiting to happen. While you might use on-premises data classification tools and data loss prevention (DLP), it needs to be stressed that these tools aren’t designed for the cloud-first world. They will inevitably miss out on data, and most do not have the capabilities to detect unstructured data in the first place.
How to overcome the unstructured data challenge in FS
Despite the challenges, it is possible to organize unstructured data so that it is easy to secure and glean insights from. The secret lies in automation, combined with cloud-first data protection.
Research shows that almost three-quarters of companies currently do not automate the process of unstructured data management. This is a crucial way forward. Given the vast amounts of data we produce and edit by the day, manual intervention is simply impossible and will be inaccurate.
Automation is undoubtedly the next step, but automation on its own is not enough. Being able to discover data is half the battle. Protecting it is the other 50%. This is where cloud-based data loss prevention (DLP) comes in.
However, not all cloud DLP is created equal. Some solutions are less intelligent than others. Be wary of DLP programs that inundate your IT team with alerts and false positives; these often do more harm than good.
Instead, look for a solution that takes an intelligent, contextual approach to risk identification. Our solution, for example, uses a self-learning engine to discern potential threats to data security and takes appropriate action based on the context.
Moreover, our engine is dynamic. It picks up on data classification patterns in order to take automatic action, without the need for your IT team to intervene. Plus, your compliance team can easily monitor and apply compliance protocols from one central interface with highly granular audit capabilities and detailed contextual maps of events.
We recently worked with InsuranceCo, a fast-growing online insurance company offering home and auto insurance. Many of InsuranceCo’s employees used popular apps like Teams and Slack.
To achieve SOC 2 and ISO 27001 compliance, the company realized it needed to get a handle on unstructured data in these apps.
It was concerned about discovering custom patterns and entities within their documents that were specific to their firm. These included account numbers of varying lengths and formats and other sensitive data.
With Polymer’s support, InsuranceCo’s critical SaaS platforms are compliant with ISO 27001 & SOC 2. Auditors were satisfied with the controls, and more importantly, the General Counsel was able to knock off a significant component of Privacy and Data Governance policies.