Skip to main content
Get the article on our blog: What you need to know about your data before you launch your AI project.

Flying Cloud

back

“Absolutely eye-opening.” When organizations see their data for the first time.

By June 24, 2022

Knowledge is power, especially in cybersecurity. Sometimes though, getting to the empowerment stage means navigating some…unnerving…discoveries along the way. Many of our customers experience a bit of shock when they realize where data goes once it’s accessed from a secure repository. These are actual things customers have said:

  • “Wow, this is eye-opening.” Yes. Yes it is.
  • “I had no idea.” You’re definitely not alone.
  • “OMG. This is terrifying.” Breathe. It’s going to be OK.
  • “Maybe I should just resign now.” No. No you shouldn’t.

Most organizations can describe their infrastructure security solutions and tools in place. Almost none can provide accountability for data itself. This is why.

Once data is accessed from secure repositories, by authorized people, for legitimate business purposes, it proliferates. Person A has authorized access to a data set and needs data for any number of different reasons—analysis, reporting, updating, etc. Some of that data is then shared with other people who need the analysis results or the report in order to perform their job. And whatever their role might be, the data becomes part and parcel of their work product—even though they never had legitimate access to it from the original repository.

When we fingerprint a dataset for a customer, for the first time, they actually see where the data goes and what happens to it. Questions ensue. “Why did Bob send that data to Sally over in Accounts Payable?” “Why did Oscar over in engineering need a customer account history?” “How in the world did it get in the hands of Vendor C?”

We call this “data accountability”—the ability to see and know what happens to data on the network. Scary? Only temporarily. Because once we can follow and monitor it, we can provide the context and insight you need for deciding how you want to secure it. At the same time, we’re defending it from threats and implementing the ability to instantly shut down every instance of suspected data redirection or misuse.

Data accountability also identifies data on the network that isn’t yours. Suppose an employee checks their bank account at lunch and downloads their bank statement to their desktop system. That data is now on the company’s network—are you responsible for protecting it? Only your team can make that decision, but now you can ask the right questions.

And just to tell the end of the story, every customer who initially reacted with “oh no, now what?” has used CrowsNest to completely turn the tables on data accountability. Read any of our Solution Briefs to learn how.