peshkova - Fotolia

Manage Learn to apply best practices and optimize your operations.

Thwart 'dark data' risk with data classification tools

As 'dark data' piles up, so do its associated risks and information governance issues. In this Ask the Expert, Derek Gascon offers steps for addressing dark data's GRC complications and explains how new data classification tools can help.

With the continued accumulation of digital information, it has become imperative for many organizations to address so-called dark data. This old, stored data was used for past business activities and kept for regulatory compliance purposes, but is now ignored because it no longer generates any value. Unfortunately, companies that disregard this structured and unstructured data (also known as legacy data) and let it pile up and remain unclassified not only fail to take advantage of its ability to drive new revenue or decrease internal costs, but also expose themselves to further risk and information governance headaches.

In this Ask the Expert, Derek Gascon, executive director of the Compliance, Governance and Oversight Council, advises organizations to start addressing the GRC challenge dark data poses, and how new data classification tools can help.

With organizations generating more data than ever before, how have dark data and legacy data complicated information governance processes? How can companies make sure this latent data is not going to hurt them from a GRC standpoint?

Dark data is data stored in a repository or data store that you know very little about. If litigation or an audit comes from a regulatory body, you don't necessarily know what's in your data store, and it's not being effectively protected. In many organizations, we've seen quite a bit more interest in attacking the legacy data challenge, which is to basically go in and identify data that has value and data that could be defined as debris and can be deleted. This means going into the data stores and beginning to prune off all of the data that no longer needs to be retained by the organization. There are new tools that have come out that allow you to index unstructured data storage to SharePoint, to file shares, and begin identifying and classifying that data. You can either move it or put it in a protected environment, but it needs to be retained for regulatory purposes or for litigation.

Probably one of the biggest areas that complicate information governance is that a lot of the processes only address the currently relevant, new content that is being created. For people that use enterprise content management platforms or other records management document platforms, their data is being managed effectively, but then you still have file stores. Not knowing what's in them creates a tremendous challenge for organizations to respond effectively. They're keeping data that may no longer need to be kept, which exposes them to additional risk.

We are seeing more tools being implemented to go in and index the data that's out there, and that use classification or taxonomy to be able to identify that data so that you can begin to get that unstructured and unmanaged data into a controlled environment. That's one step we're seeing a lot more people doing because of the amount of data that's out there. Organizations want to start culling through all of it and remove the data they no longer need. Otherwise, with all the new data being generated, it's just going to become a bigger problem.

If you don't address this problem now, it's only going to get worse, and the cost and risk associated with legacy data and dark data are going to increase. Dark data could even be valuable for decision making. The more you start drilling into that and discovering what's useful, you have a way to leverage that data. You now know more about it and can ensure a well-managed process going forward.

As told to Ben Cole, Site Editor.

Next Steps

Gascon offers advice on tackling BYOD management problems

How to approach information governance in the big data age

Effective data management can boost business, compliance

Dig Deeper on Information technology governance

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What tools has your organization used to leverage dark data?