Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The dangers of dark data and how to minimize your exposure

Ed Tittel | Sept. 25, 2014
As "dark fiber" is to the telecommunications industry so, also, is "dark data" to many businesses and organizations. These vast pools of untapped, largely unprotected data simply sit there, doing not much of anything for the bottom line.

As "dark fiber" is to the telecommunications industry so, also, is "dark data" to many businesses and organizations. These vast pools of untapped, largely unprotected data simply sit there, doing not much of anything for the bottom line.

Isaac Sacolik's Dark Data: A Business Definition describes it as "data that is kept 'just in case' but hasn't (so far) found a proper usage."

Unfortunately, where dark fiber unambiguously represents an asset just waiting to be tapped by simply lighting it up to add bandwidth and carrying capacity, even untapped and neglected, dark data can pose security risks should it fall into the wrong hands, or range outside its owner's control.

Dark Data Holds Unfulfilled Promises But Also Poses Dark Threats

Most discussions of dark data tend to focus on its potential value and utility to an organization. Indeed, for those outfits willing to expend resources (money, tools and time) to develop and exploit the information and value locked up inside dark data, such potential is undoubtedly attractive. This also explains why many organizations are reluctant to part with dark data, even if they have no plans to put it to work on their behalf, either in the near term or further down the planning horizon.

As with many potentially rewarding and intriguing information assets, organizations must also be aware that the dark data they possess — or perhaps more chillingly, the dark data about them, their customers and their operations that's stored in the cloud, outside their immediate control and management — can pose risks to their continued business health and well-being.

Such risks depend on the kinds and quality of data that a determined investigator might be able to glean from a collection of dark data made available to them. Given the kinds of data that most organizations collect, those risks might include some or all of the following:

Legal and regulatory risk. If data covered by mandate or regulation — such as confidential, financial information (credit card or other account data) or patient records — appears anywhere in dark data collections, its exposure could involve legal and financial liability.

Intelligence risk. If dark data encompasses proprietary or sensitive information reflective of business operations, practices, competitive advantages, important partnerships and joint ventures, and so forth, inadvertent disclosure could adversely affect the bottom line or compromise important business activities and relationships.

Reputation risk. Any kind of data breach reflects badly on the organizations affected thereby. This applies as much to dark data (especially in light of other risks) as to other kinds of breaches.

Opportunity costs. Given that the organization has decided not to invest in analysis and mining of dark data by definition, concerted efforts by third parties to exploit its value represent potential losses of intelligence and value based upon its contents.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.