Understanding What You Have
Many organisations possess substantially more sensitive data than they realise. Without a coherent data management process, critical data naturally proliferates across databases, cloud services, shared drives, spreadsheets, backups, email archives, and personal computers. Without their knowledge, organisations may keep critical data in computer systems with limited security protections and no automated backups. Organisations may also retain far more data than they operationally need, a risk for both security and compliance.
A fundamental challenge of security is that information cannot be protected if its existence is unknown. An important component of Secure Data Architecture is therefore understanding what sensitive information exists within an organisation, where it resides, how it moves between systems, and who is able to access it. This requires auditing existing computing systems, migrating data away from unmanaged systems, and establishing human processes for data handling.