Information is at rest most of the time. Therein lies the problem. Give malicious attackers, rogue insiders or just a few bored employees any decent amount of time on your network and they’ll likely uncover sensitive information they shouldn’t be able to access. So what’s a network or storage admin to do? Unstructured information (PDFs, spreadsheets, word processing documents, etc.) is scattered all about the network in practically every nook and cranny. How you can possibly find out where everything is so you can ensure it’s safe from prying eyes?
The simple formula is to find out what you’ve got, determine how it’s at risk, classify it and do whatever it takes to keep it in order only accessible to those with a business need to know. It’s that first step though – finding what you have – that’s so difficult. I’d venture to guess even the sharpest network/storage admins don’t have a real sense of what’s actually stored in their environment. Not from lack of expertise or effort but rather because it’s just so darn difficult to find where everyone and every application has stored these files.
Here are some ideas on what you can do to figure out what’s where:
- Simply ask information owners what they’ve got. It won’t be completely reliable but it’s a start.
- Use search tools you’ve already got such as Windows Explorer or find in UNIX/Linux. Painful but possible.
- Use more advanced search tools such as Google Desktop or FileLocator Pro.
- Use enterprise search tools such as Identity Finder or even some of the more advanced e-discovery/ILM tools such as those offered by StoredIQ or EMC/Kazeon.
However you go about it, just do something. There’s undoubtedly unstructured information at risk in your storage environment and getting started finding out where it’s at today will serve your greatly down the road when things are even more complex.
Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.