A mismatch in data valuation poses a huge challenge for manufacturers. By Steve Abbott
Manufacturers have always trusted that data would be safe in the hands of the IT Security department. While this department does its utmost to prevent cyber-attacks, it may not be best placed to gauge the value of business data, according to new research from the Ponemon Institute. IT security departments are actually mis-valuing business data to the tune of thousands of dollars; representing serious challenges for manufacturers’ operations. At best, manufacturers are wasting resources protecting low-value information assets. At worst, this mis-valuation is exposing organizations – including their most valuable R&D data – to threat of attack and catastrophic loss.
Manufacturing IT Security departments are undervaluing many types of business information from R&D documents and blueprints to sensitive financial information. That was the major finding from a new survey of 2827 American and UK professionals carried out by the Ponemon Institute. It found that the IT Security department predicts that the data reconstruction costs for an R&D document, if compromised, are $306,545. In stark contrast, the R&D department puts that figure as $704,619. In fact, the research found that R&D documents are the most undervalued asset type; and that manufacturing was the business sector that possesses most valuable business assets overall.
If the department charged with safeguarding an organization’s data doesn’t truly understand what it is protecting, how can it be expected to apply an appropriate level of protection to the most valuable information? This creates the perfect environment for a hacker to unleash a damaging data breach, which could result in huge financial losses, big fines from the regulator, considerable brand damage and even loss of life. This is not a criticism of IT Security. The department simply lacks the understanding and tools to understand the value of data.
The reality if that only a fraction – perhaps as small as five per cent – of an organization’s data is essential. In spite of this, businesses take a ‘one size fits all’ approach to data security. Manufacturers should consider the management and protection of business data as a business issue, and not side-line it to IT Security. That process starts by identifying and classifying the data they store, so more accurate decisions are made. All businesses – but manufacturers will feel this need more acutely – need to engage in smart and cost-effective to data management and security.
Data context drives business clarity
The majority of businesses, including manufacturers, have no idea what data they have on file, where it is, its business context, who has review or copied it or even if they can legally delete it. Most businesses struggle to see which documents might comprise valuable details; like financial, product or R&D information. They also find it challenging to identify the sensitivity of the document and what its context is to the business. This is entirely understandable as it’s not a straightforward exercise to identify and classify data. However, there is a pressing need to be able to do just that – thanks to the launch of progressive data privacy legislation, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The risks for manufacturers that don’t stay compliant to this legislation are large fines from the regulator, government inquiries or individual or class action lawsuits. Furthermore, if a business doesn’t manage its data properly, as the GDPR stipulates, then it risks damage to its reputation. In any industry, it’s incredibly damaging to be seen as an organization that cannot be trusted to protect its own or its customers’ data.
In this environment, everyone is taking data management a lot more seriously. But the process is still hugely difficult. For example, a manual scan of the unstructured data stored by a typical 5000 seat organization could take up to 400 years’ worth of and time and cost. Unstructured data makes most (70-80 per cent) of an organizations’ stored data and is information like PDFs and e-mails, among others, that are produced, and stored, during a working day. If a manufacturer chose machine learning to attempt to identify data, it would be difficult because this sort of technology is unable to gauge the context of documents.
As manufacturers store so many documents, data identification will be a huge task. And could interrupt or divert resources away from core operations like the factory floor. Advances in Artificial Intelligence (AI) technology might provide the answer as it is capable of generating data inventories automatically, with a high level of accuracy, in a very fast timeframe. AI technology is known for its self-sufficiency and overall effectiveness, which means its work will not impact everyday manufacturing tasks. The AI solution’s creation of inventory lists, with defined business categories such as HR and finance, among others, enables manufacturers to be completely clear on what data they hold and are responsible for.
This enhanced data management means the operation is no longer at risk from damaging data mis-valuation. This improved visibility and knowledge can immediately be put to work in developing a more effective data security. For example, a manufacturer can slash the quantity of data it stores and improve data quality. Being confident about deleting ‘toxic data’ can act to lessen the damage a data breach hitting a manufacturer could cause. The other benefit to a lower amount of data is that less errors are made as it is easier to locate the correct documents. A holistic view of the operations data – where it is, who can see it, what is valuable and what isn’t – enables a manufacturer to accurately identify the market value of data, in order to monetize it, and put a more accurate figure on governance projects. In fact, Ponemon went onto find that a manufacturer or business could increase the market value of its assets by 15 per cent if it embarks on an automated project to identify and classify its data.
Removing the data mis-valuation paradigm is hugely beneficial to a manufacturer’s security protections, operational procedures and finances. However, these benefits can only be realized if the right technology is chosen for the data discovery process. When technology can deliver the gift of context to business data, manufacturers can safeguard their operations and start to deliver strategic, data-driven decisions.
Steve Abbott is CEO of DocAuthority. DocAuthority is a leading document control solutions company. It offers organisations a broad, yet business-friendly, security policy utilising AI to help automatically discover and accurately identify unstructured and unprotected sensitive documents, to help prevent them from falling into the wrong hands.