I was reading a short article on the Computer Weekly website about the recent data breach at ACS:Law. The article echoes what I have been saying for quite some time about the security of unstructured documents. Amichai Shulman, chief technology officer at Imperva commented that the recent data breach highlights a hidden security weakness in unstructured data.

Many organisations have spent millions on securing their databases (structured), leaving a big security hole in not addressing the security of unstructured data. What many organisations forget or miss is that all the data in the database is not very helpful to executives and managers if it cannot be interpreted in a way that makes sense.

The way this data is interpreted is through reports, articles and research materials which appear in an unstructured format. Unfortunately, the priority given to the security of structured data is not the same given to unstructured data. This allows for a massive loophole in an organisation’s overall security strategy.

In his comments to Computer Weekly Shulman said, “organisations typically focus on protecting data in its structured format within databases or as it flows out of web applications, but tend to forget about the dissemination of sensitive data from structured repository into unstructured formats such as Microsoft Office files”

“In its unstructured format the sensitive information is flowing around the organisation almost unmonitored and uncontrolled,” said Shulman.

It is time for organisations to get ready to fight this new battleground of keeping close track of unstructured information repositories and controlling their flow around and outside their organisation, he said.

I also read another article by Computer Weekly which mentions BT and Sky might also complicit in the data breach because both companies sent information to ACS:Law unprotected. This emphasizes the need for organisations to send sensitive data securely to third parties in such a way that it can never be accessed by unauthorised persons.

Enterprise Rights Management is the key to fighting this new battleground. From controlling the print of sensitive material, to securing confidential files on file servers, to persistently securing files that are checked out of repositories like Sharepoint, Alfresco, Documentum, KnowledgeTree etc. Enterprise Rights Management provides you with the final piece in the jigsaw puzzle to complete your entire information security strategy.

Today between all the Enterprise Rights Management vendors there is almost every solution to solve your unstructured document security challenges, helping to secure unstructured data persistently, meaning no matter where the data is located it cannot be accessed by unauthorised persons.

Do you have a hidden security weakness in your unstructured data? If you want to know more about Enterprise Rights Management today drop me a line and we can talk.