First there was the "Dark Web", then "Shadow IT" and now we have..."Dark Data".
What exactly is Dark Data.
Dark data is simply data that is not in use, most likely not even known to exist and therefore not classified and categorised, which is a real danger.
Lets be frank, organisations hoard data, perhaps out of necessity or because it is never known when it may be needed. But, due to cleverly designed malicious attacks, increasing compliance standards demanding better protection of data and because it's just good security hygiene to do so, organisations are encouraged to think about data ingress, how it is classified/categorised and it's egress of their infrastructure.
Here the importance of retention policies and retention schedules come in. If all data and records are identified and classified, the classifications informs the period of time the data should be kept, especially in terms of PII data.
What are your thoughts on this subject? Are you experiencing a dark data situation? Why not drop us a line to discuss measures we've seen or put in place.
Article written by Ronald Nurse as part of the Security Sumo Newsletter, Issue 9.
Comments