By Brad Cheedle
Valuing Your Data So You Can Protect It
In today’s digital age, it’s no surprise that the amount of data held by companies is increasing at an unprecedented rate. IDC and Bloomberg predict the digital universe of data will reach nearly 50 zettabytes by next year and nearly 200 zettabytes by 2025. Not only is the amount of data exploding, but thanks to advancements in technology such as cloud computing, its geographic availability is spreading.
No longer confined behind firewalls and contained only to corporate internal systems, data is being stored, shared and used broadly around the world. Consider the various types of data in the healthcare industry alone – medical images, insurance records and patient data, just to name a few. There is no question this data is extremely sensitive and valuable to all parties involved.
Given this staggering amount of data, a few key questions emerge:
- What is the value of an organization’s data?
- How can organizations recognize this value?
- How can and should this value be protected?
The Case for Data Valuation
Leading industry analyst firm Gartner has long argued that information is a business asset that needs to be managed, deployed and valued. And while most will agree that their data is an asset, even info-savvy organizations often don’t list their data in the assets column of their balance sheets. Most claim this is because they have no accounting models for measuring that value. Because data is not a physical entity, it does not follow normal accounting rules. So how do you figure out how much your data is actually worth? Gartner and several other sources, such as McAfee, track market values and/or have proposed various methods to compute the value of information assets that include models based on consumption and calculations that take into account intrinsic, market and cost value, among others.
Medical data carries perhaps the greatest value, creating a heightened risk for a security breach for the healthcare industry. Thieves that steal a patient’s identity can fraudulently bill organizations like Medicare for big payouts. One way to get perspective on the value of your medical data is to consider its value on the black market. A medical record is worth roughly $150 to black hat hackers in Brazil, China and Russia. A Medicare record is worth $600. So, even if an organization holds just 10,000 records, stealing those records is worth at least $1.5 million to a hacker. Cybersecurity attacks on hospitals and practices have not only made headline news but severely compromised entire organizations and their patients, leaving them to pay very high prices that impact their overall value.
Remember that a hacker of your systems is looking through your data to exploit the exposed infrastructure with the greatest number of vulnerabilities – regardless of who you are or what data you have. This means that you cannot value security based on the relative size of your company; you must value it based on the value of your data. In addition to knowing the value of your medical records, it’s also important to work with a partner that is independently audited with 100 percent compliance against regulations like HIPPA and HITRUST who fully understands the value of your data and knows how to protect it.
The Internal Value Proposition and Data Protection
Once you have a measurable sense of the monetary value of your organization’s data, you can make the case to include it in the strategic approach to valuing the company as a whole. Work with the executive and finance team to ensure that data valuation is represented in a way that not only elevates the value of the IT organization, but that of the overall business. As you know, research-based recommendations are the best, and sometimes the only way to communicate urgency to top levels of the organization. Spotlighting the tangible importance of these assets helps leadership recognize their value when they see that data equates to money. The need to protect it becomes undisputed and allows you to establish a strategic plan to implement the technology solutions needed to protect, back up and (quickly) recover your data.
You may already know how you want to protect your data now that it is recognized as a high-profile asset. However, take this opportunity to step back and take a holistic look at your environment and systems. Where does your data currently reside? Do you have any security applications in place? Is there a backup plan in the event of breach or natural disaster? Who is managing it, and do they have the skill sets to succeed? Do you currently have all the resources you need?
Be sure to document your organization’s individual needs and weigh the pros and cons of the available solution you are considering. For example, if you are using the public cloud as part of your hybrid cloud strategy, be aware that you no longer have the perimeter fail safe. Encryption is king, and it’s your responsibility. When you transmit data to the public cloud, it is not secure until you secure it.
Many companies today are turning to private or hybrid cloud environments where data is kept off-premise in data centers for the security benefits they offer. Be sure to add disaster recovery and backup capability so that your systems can be restored as quickly as possible to minimize any losses due to unplanned downtime.
And remember, even with off-site and redundant data management, encryption and cybersecurity applications are still necessary. Companies need to have the wide range of skills either in-house or with a trusted partner to ensure ongoing success. Consider covering all your bases with a trifold approach to security that includes physical, technical and administrative security to keep your data safe.
The Bottom Line for the Bottom Line
Organizations are putting themselves at significant risk if they don’t tackle the issue of data valuation. Without a specific value attached to it, data can be viewed as IT expense rather than a strategic asset. And this puts your most important asset in a position to be compromised, exposed and extorted. Growth and success today hinge upon your ability to maximize access to critical data among the right groups and individuals. But this can’t be done without security, trust and reliability. By adding your data to your balance sheet, you can achieve a position that allows you to take immediate steps and ongoing investment in its protection. The health of your patients, partner community and entire organization depends on it.
Brad Cheedle is Chief Executive Officer at Otava, a global cloud solutions provider helping customers access all the components they need to build their secure, compliant technology ecosystem.