data-asset-managementHow are you providing perceivable value to your clients?

I’m sure many of you constantly think about this.

Your service is top notch. Your helpdesk answers calls on the first ring. Your projects are finished with a seal of approval from decisionmakers. Problems are handled promptly and resolved. You are communicating risks to your clients not investing in your latest security offerings.

But one thing that can add a big punch to how clients perceive your job performance may be something that’s pretty easy to accomplish.

I’m talking about data asset management.

By data assets, I do not mean software. Nor do I mean every single piece of data within the organization. What I mean are the essential data that make that company successful. Maybe data to help decision making on critical issues. Maybe it’s data that the business relies on to run. Maybe it’s data to ensure the business is growing and competing in a tighter marketplace.

What is clear to me is that if you help your clients define, track, and manage their critical data assets, you will be the here—not just the go-to when they have a computer headache.

What are common data assets?

Here are some common assets that many clients will have:

Customer data—typically your clients will have a customer relationship management software (CRM) or some list of customers and potential customers. Without these lists and associated attributes, they might not be able to reach out to people in need of their service or product.

Employee data—everyone has a team. It’s pretty obvious why employee data is critical. This not only includes payroll and benefits information, but also performance, employee agreements and documentation.

Supplier or partner data—without key players in their supply chain—contracts, contacts, and processes—your clients are probably much less effective at delivering a high-quality product.

Operational data—keeping track of the things that matter is likely a critical piece to any organization you service.

Financial data—numbers often run a business. They typically never lie—that is unless there are none to work from.

Walk through with them these types of data categories and get them to think about their core business processes. Where do they store this data? Who is ultimately in charge of critical data? How is it used and how often do they need it?

As you get your client (or even your team) to appreciate their critical data, they will start to see the consequences of not having it.

That’s where managing those assets comes in.

Some of this data may be inherently sensitive in nature. Other assets may simply be necessary for product delivery. Whatever the case, this data is probably important enough to need special protection.

Your strategy for critical data assets:

I like to follow a 4-step process for identifying and securing the most important data within an organization:

  • Map the data — define where the data lives. Get your client and those interacting with that dataset on board understanding WHY it lives in one spot—rather than all over the network. Get them to come up with a location for the data and help them take ownership of the data being mapped to a particular spot within the network. This will make it easier in the event of a recovery event or incident where backed up data needs to be used for data recovery. If you haven’t already, now would be a good time to walk through a tabletop exercise on data recovery—this might vary department to department and will most definitely be a greatly appreciated exercise, especially among security-conscious clients.
  • Identify who is responsible — there can only be one person in charge. Make sure to define responsibilities for each critical data asset. They will be the ones owning wrangling the data to the defined mapped location and should be the ones involved in validating any data recovery in the case recovery is needed.
  • Asset potential risks with each data set — get your teams involved in identifying risks if data were offline. How long could they work without it? This will help you prioritize recovery if their entire organization were hit with an outage or attack. Also get them to think about the risks with the data. Are there implications if the data were manipulated in some way? How could the team device ways to prevent or mitigate those risks?
  • Define security around critical data assets — additionally, identify what controls need to be in place to protect each asset. If the data is sensitive, what controls and permissions will you implement to make sure it is kept private?

Bottom line: data assets are a critical piece of any business. What are you doing to explain this to your clients? And how are you keeping their data safe?

That is the very question I will be diving into this week in SecOps.