In our previous article, «Data Assessment in Cybersecurity: A Strategic Pillar for Compliance and Risk Management», we explored the essential role of Data Assessment in Cybersecurity and data privacy. We discussed how aligning a Data Assessment strategy with international standards – like NIST 2.0 and ISO 27001 – as well as privacy frameworks (e.g. GDPR; Swiss FADP aka LPD-DSG-LPD; Bahrain’s Data Protection Law), can help build a strong compliance foundation.
But in reality, even starting with the best methodological approach, many SMEs, and even larger enterprises, find the costs and effort of Data Assessment a barrier to implementing effective data management policies, despite recognizing the risks of non-compliance and low-quality data assets.
Why not consider automated tools to streamline the initial data assessment phase?
From data chaos to compliance: retrospective assessment of unorganized data
Over time, many organizations accumulate data without a clear structure or strategy, making retrospective data assessment a complex and costly endeavor. Typically, this involves sorting through years of data across various systems and data formats.
An effective data assessment platform should identify, organize, and secure both structured data (like databases and spreadsheets) and unstructured data (such as emails, documents, and multimedia files).
Finding the best fit: core considerations for data assessment platforms
The diagram in Pic.1 illustrates how a well-integrated data governance framework, supported by a data assessment platform, enables comprehensive Data Management. At the center of this framework is a core repository that organizes metadata from various structured and unstructured sources, such as Databases, Emails, File Shares, SaaS Applications, and Cloud storage.
Following the NIST 2.0 RDaF model, data moves through each stage of its life cycle – planning, generating/acquiring, processing/analyzing, sharing/using, preserving/discarding, and envisioning – within a controlled environment (for more information, refer to our «Data Assessment»).
Surrounding this central repository are the essential data management functions that a data assessment platform should support: Data Management Policy, Data Discovery, Data Classification, Data Profiling, Data Risk Assessment, and Data Consolidation.
For integration, data assessment platforms should offer direct APIs or, where necessary, customizable interfaces that connect them to other data governance tools (note: data assessment platforms don’t always include data governance features such as Access Management).
As data management systems evolve, certain capabilities might become critical:
- Data access governance: integrates with access control systems to enhance security;
- Business intelligence tools: enables seamless data transfer for analytics purposes;
- Data transformation tools: prepares data for application across various platforms;
- Data cataloging: syncs with data inventories to maintain consistency;
- Remediation tools: supports automated issue detection and resolution.
Essential criteria for a robust data discovery platform
To guide the selection of an effective data assessment platform, we’ve summarized the critical features that support comprehensive data assessment projects:
- Multi-source scanning: as data often resides in various locations such as cloud storage, on-premises servers, network drives, emails, and numerous SaaS applications, an effective platform should be able to scan and gather data from both structured and unstructured sources across these diverse environments, ensuring cross-platform compatibility that suits a range of system setups.
- Non-intrusive scanning: the platform should be capable of performing its tasks without disrupting the performance of existing systems or, if it requires additional hardware, of being deployed without major changes to the existing infrastructure. For small and medium-sized businesses, this can be of strategic relevance.
- Scalable Architecture: a robust data discovery platform should adapt to increasing data volumes, supporting everything from small networks to expansive multi-location setups. This flexibility ensures that the platform remains effective as your data needs evolve, enabling continued management of both structured and unstructured data.
- Cloud data repository or on-prem data storage? The decision between cloud storage and on-premises storage depends largely on an organization’s security needs and budget. Both options have advantages and limitations, which can vary based on country, industry, or specific legal requirements. Since there isn’t a single best answer, managed service providers should ensure they have a flexible tool to support both setups. If you’re the end client, start by reviewing your company’s requirements to choose the option that best aligns with your regulatory and operational needs.
- AI-powered data classification: an effective platform should classify data based on type, sensitivity, and compliance needs using advanced AI rather than simple keyword matching. This approach minimizes false positives and misplaced content or classification, allowing teams to concentrate on protecting sensitive data rather than manually sorting it.
- Integration with third-party solutions: Data Assessment is just one side of implementing an integrated data policy framework, and not all the products on the market have built-in policies for data access, data usage monitoring, internal workflows and comprehensive reporting.
- Browser-based access: with a browser-based interface, your data discovery platform can be securely accessed from any device with an internet connection, eliminating the need for specialized software. This feature ensures that team members can manage and monitor data from virtually anywhere, on any device.
- Managed service options: companies with limited resources often seek to outsource services, such as CISO-as-a-service, or even entrust an external provider with the entire data assessment project. Platforms with Managed Service Provider (MSP) capabilities offer remote monitoring, automated updates, and dedicated support, all managed by a third-party team. This option is especially advantageous for smaller organizations, as it provides professional data management without the cost and effort of in-house support.
- Open IT architecture: a robust platform should integrate smoothly into your existing infrastructure, avoiding the need for complex server setups or additional software licenses. Compatibility with open-source software is an advantage, especially for small businesses with simple IT configurations. Such flexibility allows even SMEs with modest IT setups to manage substantial amounts of data effectively, supporting compliance without excessive expense or complexity.
Data assessment project strategies: is there a standard approach across sizes and sectors?
Data assessment needs vary widely by business size. Small and medium-sized enterprises often handle significant volumes of unstructured data for compliance, while larger organizations benefit from structured systems and dedicated teams for data governance.
Larger firms also rely on complex infrastructures that support advanced platforms, organizing data across storage systems like SAP or digitization activities.
Sector-specific needs play a role too. Finance, manufacturing, and services face unique regulatory demands, but privacy frameworks are driving a transversal approach to data structuring across industries, regardless of sector.
So, how should we begin a data assessment project? Let’s break it down together...next time!
Author: Michele Roveda
Company: E-Venture Business Solutions (itSMF Advanced Sponsor)