Securing data in the lead up to GDPR

On May 25, GDPR will come into force, requiring companies to comply with strict new data protection laws. To do so successfully, they must understand the difference between structured and unstructured data.

By Jan van Vliet, VP and GM of EMEA, Digital Guardian | Friday, May 4th, 2018

Structured data is organised in a way that machines understand and is significantly easier to secure than unstructured data, which is mostly used as a way for people to communicate

Companies today have access to ever-growing amounts of data, all of which must be stored somewhere. Crucially, data must be stored securely, and with the General Data Protection Regulation (GDPR) coming into force on May 25, it’s more important than ever for businesses to ensure the data they collect is protected.

There are two types of data – structured and unstructured – and they make up the sum of an organisation’s data collection. Both types are vital to modern digital enterprises, but they must be managed – and secured – differently.

Two data types
Structured data is organised in a way that machines understand, and is unreadable to most people (unless they are programmers). It’s generally stored in relational databases and displayed in defined columns and rows. This allows data mining tools and algorithms to access and analyse it via search tools.

In comparison, unstructured data is not organised at all. It’s stored in easily accessible and shared formats such as email, PDF files and text messages, and is typically used as a way for people to communicate. Unfortunately, the ease with which unstructured data can be shared and created also makes it vulnerable to unauthorised access.

Defining the difference
The most obvious difference between structured and unstructured data is made clear by their names – they are structured, or organised, differently. But there are a few other key differences – notably in terms of data access.

Unstructured data is not organised in a way that computers can understand, making it difficult for machines and algorithms to access and analyse it. Analysing unstructured data relies on aggregating all available data, identifying the data integral to the problem at hand and conducting analyses to identify patterns and relationships; it’s time-consuming work.

Differences also abound in terms of data entry. Databases rely on structured data entry where the data input matches with the structure defined by the database schema. Machines are able to analyse structured data because only certain types of data are entered into defined fields.

Unstructured data, however, may be stored in a file that has an internal structure, but it does not conform to a pre-defined data schema or structure.

Best Practices
Structured data stored in databases can be secured relatively easily as access can be restricted according to strict guidelines. Although securing structured data may seem simple, this doesn’t mean it’s an insignificant effort. It’s an important part of IT governance that includes creating secure central storage for data, tracking data entry and use, and managing authentication and encrypted communication using the SSL protocol. Organisations also need to protect devices with secure passwords, use remote access to locate and wipe data from missing devices, and train employees on data protection policies and best practices.

Unstructured data is a wholly more complex matter as it’s spread throughout an organisation; it exists everywhere and anywhere users access or create content. This means it can be difficult to even know if this data exists, who has access to it and who has used it.

Tracking the flow of unstructured data through an audit trail is also challenging. Pattern matching technology can scan servers and workstations to classify unstructured data, but these solutions often result in false positives and negatives – and this can slow workflow.
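The pattern-matching classification described above, as an added example that is not part of the original article: a regex flags candidate payment card numbers and email addresses in free text, and a Luhn checksum filters out one kind of false positive. The patterns, function names and sample documents are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits: str) -> bool:
    """Checksum carried by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Separate raw regex hits from hits that also pass validation."""
    raw = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]
    cards = [n for n in raw if luhn_ok(n)]
    emails = EMAIL_RE.findall(text)
    label = "sensitive" if cards or emails else "unclassified"
    return {"label": label, "raw_card_hits": len(raw),
            "cards": cards, "emails": emails}


# Constructed sample documents (not real data).
SAMPLES = {
    # True positive: well-known test card number plus an email address.
    "invoice.txt": "Card on file: 4111 1111 1111 1111, contact a.user@example.com",
    # Regex-only false positive: a 16-digit reference that fails the checksum.
    "shipping.txt": "Tracking reference 1234567890123456 dispatched Friday",
    # False negative: the number is split up in conversational text.
    "chat.txt": "my card is four one one one, then 1111 1111 and 1111 1111",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

The third sample is missed entirely, which is the false-negative case: a number written the way people actually type it in chat or email never matches the pattern.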

Securing unstructured data presents different challenges to protecting structured data. It helps to start with the same best practices that are observed when securing structured data, but there are additional steps that must be taken as well. Businesses must identify unstructured data at its point of creation, classify it as unstructured, assign an owner to sensitive unstructured data and identify who has access to this data.

Structured and unstructured data are of equal importance to enterprises, yet many data protection efforts focus on securing structured data without taking adequate measures to protect unstructured data that’s just as sensitive, but more challenging to secure. With the GDPR deadline looming, organisations need to ensure that they are securing both types of data, or they risk penalties and reputational damage. Ultimately, today’s enterprises need robust data protection solutions that secure all forms of data created, used and maintained by the organisation.