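Blog

What is data discovery?

From data access to data sprawl, businesses are dealing with an unprecedented amount of digital information that needs to be monitored, managed, and secured. This is your guide.

Jason Koestenblatt, Team Lead, Content Marketing, OneTrust
March 10, 2023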


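Data.

It's everywhere. It's everything.

And your business is creating, capturing, processing, and controlling tons of it.

Some 2.5 quintillion bytes of data are being created each day, according to a report by G2 in early 2023. Think of a number with 18 zeroes following it! That report also showed that an internet user (that's you) generates around 1.7 megabytes of data per second.

Chart of data points listing key information about data bytes, breaches, and data privacy laws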

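The data point that may be most telling, however, is the estimation that humanity will generate three times more data in 2023 than it did in 2019. Data creation is growing faster than you can say zettabyte (as in 97 zettabytes, the estimated volume of data created in 2022).

That's exciting, as the digital world now sees data as currency. But with great power comes great responsibility, and every data point in your company's ecosystem can become a security and legal liability.

What does it mean to de-risk data, and how do we gain visibility and classification? Join this webinar to learn more.

Enter data discovery and the act of de-risking said data, and all the governance needed in your organization to properly harness (and safeguard) that information. Each company and, at a deeper look, each security team, is going to have pain points when it comes to their data classification structure. However, knowing what data you have, where it is, and what it is (and isn't) used for in the business can be a great head start when defining next steps in discovering, controlling, and activating that data.

On-demand webinar coming up…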


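More data, more problems

Acknowledging the problems that massive amounts of data pose to your organization is going to be step one in proper classification.

Problem 1: Lack of visibility into a growing dataset

Your organization collects and generates a massive amount of data across different systems in a variety of forms. Before you can establish and enforce policies to promote usability, secure data, and maintain compliance, you must understand what data you have and WHY you have it.

Problem 2: Need to reconcile data risk and reward

Because of this relationship, you're always on the hunt for technology that helps your business understand the data it has, the risks it poses to the business, external requirements (compliance) related to data, as well as the internal initiatives and expectations related to it.

Problem 3: Time to market

Your business needs to be able to find sensitive data, highlight where it lies, and quickly take remediation steps in the event of a security incident.

The average volume of data held by an enterprise grew by 42% last year. One of the biggest challenges stemming from this explosion of data is insider access. Does your company know how to monitor and manage this type of data sprawl? Join this webinar to learn more.

What is data access governance?

The key objective of data access governance is to gain visibility into risk and enforce data access policies. Data access management has evolved into an independent initiative that requires an autonomous strategy, budget, and implementation schedule. Data access governance covers many crucial areas, including data security; protecting PII; providing access to critical data assets; and managing permissions.

What is dark data?

Dark data is the information assets an organization collects, processes, and stores during regular business activities, but generally fails to use for other purposes. For example, dark data could come in the form of analytics, business relationships, and direct monetization.

Who is a data citizen?

A data citizen is an employee who is given access to an organization's proprietary information. Use of the word "citizen" is meant to emphasize the idea that an employee's right to access corporate data also comes with responsibilities.

What is a data estate?

A data estate is simply the infrastructure to help companies systemically manage all their owned corporate data.

What is data minimization?

Data minimization is a principle, in support of data privacy, stating that data collected and processed should not be held or further used unless this is essential for reasons that were clearly stated in advance.

What is Data Security Posture Management?

Data Security Posture Management (DSPM) is an emerging market focused on reducing risk and improving the security around an organization's most valuable asset: its data.

What is data sprawl?

Data sprawl is the proliferation in the number and different kinds of digital information (data) created, collected, stored, shared, and analyzed by businesses, primarily at the enterprise level. On average, organizations have four to six platforms to manage data.

What is ROT data?

Redundant, obsolete, or trivial (ROT) data is the digital information a business has despite the data having no business or legal value, i.e. a duplicated piece of information or data point that doesn't help the company in any positive way.

In order to cull and manage ROT data, your business needs a data retention and deletion strategy. Join this webinar for tips and best practices on ensuring ROT data isn't hindering your business.

Shift left: A data classification strategy

Data discovery has as much to do with classifying data's whereabouts and importance as it does with what actions should ultimately be taken with that digital information. Forward-looking security should be employing the shift left strategy. But what exactly does that mean?

Shift left is a philosophy that looks at data ingestion at the left side of a horizontal funnel (see image). According to IAPP, that narrow end represents the point when data first enters the company's tech ecosystem. As you move right in the funnel, the amount of data grows with copies, inferences, and data analysis. The point of collection is best suited to classify and inventory data, creating downstream efficiencies. Most companies classify and inventory data toward the right side of the funnel, which is a recipe for delays, inaccuracies, and potential security incidents.

Chart illustrating the concept of using shift left for data privacy and security policies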

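For security teams to be able to shift left in their data classification strategy, they'll need a consumer-facing collection point for capturing consent and purpose that integrates these signals into the data map to inform the orchestration of data policies that include access and retention.

What is the responsible use of data?

Now that problems have been acknowledged and definitions for data discovery explained, how does a company responsibly use the data it captures and creates? What exactly is responsible data use?

Much like your business considers and applies guidelines and frameworks around its people, products, and processes, so should it for its data. Organizations need to think of the data they have as part of the people it is tied to. The data must be treated ethically and fairly, just the way people are.

With data creating infinite risk factors to organizations, CISOs are facing unheralded security incidents. Check out this infographic to better understand mitigation strategies.

Consider a three-step approach to the data management lifecycle your business employs:

Discover: Uncover hidden data including good data in bad places, sensitive data with inappropriate access, and hoarded, dated data.

Control: Trigger internal workflows to remove sensitive information, restrict access, or apply privacy-enhancing technology such as encryption or masking.

Activate: Promote responsible data usage by automating core privacy workflows, and capturing and governing throughout the data lifecycle.

Businesses must consider their needs and goals when using data, no matter which department is processing or controlling that information and regardless of structure. There are six guiding principles to responsible data use that can help organizations.

What's the purpose?

Data collection should be tied to a purpose, its use limited to that purpose, and the data disposed of when no longer needed to fulfill that purpose. For personal data, specifically, the purpose should be clearly communicated to the individual at the point of collection.

Be transparent

Organizations should clearly communicate how and why data is collected, used, and shared.

Offer the choice

Individuals should be given the ability to granularly choose or consent to how their data is being used, creating a mutual value exchange that builds trust.

Implement governance

Organizations must have the proper technical controls in place to ensure that data is only used as defined by their policies and the informed consent of the individual.

Protection through security

Organizations must have the proper security controls in place to ensure that data is protected from unauthorized use or disclosure.

Ethical evaluations

Organizations should evaluate the ethical implications of data use as well as the legal implications, especially with emerging technologies such as artificial intelligence.

Gain visibility and take action to de-risk your organization's staggering amount of data. Learn how to implement those strategies in this infographic.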

