It is commonplace to turn on the television news and hear of a new data breach from a large retailer or someone else. No one wants the legal problems (not to mention the embarrassment and the hit to reputation) from having their systems breached. Consequently, data security is on everyone’s mind.
However, many companies have multiple large data centers, departments, vendors, etc. – all that may have business data of the corporation. The first step in working toward data security is to assess where the company data is stored. This step can be much more complicated than it would seem. It is quite common for a company to start assessing its data locations and then find out that its business data is in a lot more places / systems than originally thought. To make things even more complicated, the exercise is not as simple as identifying the potentially many places that may hold business data. After identifying the “where” question, you must identify the “what” question by also classifying what types of data are held in each location / system.
This classification can make a big difference for data security purposes. For example, it is important to know which locations / systems contain low-level business information vs. the locations / systems that contain sensitive company secrets or personal information (such as names, addresses, social security numbers, etc.), or individual health information, as the data security best practices and requirements are different for different classes of data.
Consequently, it is important to have a good data assessment to determine what you have and where you have it as a first step in your quest for data security.