Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Tidying Expert Marie Kondo: Cybersecurity Guru?

The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.

Marie Kondo is a cultural phenomenon. Her philosophy of "joy through tidying up," which she shares on the popular Netflix series "Tidying Up With Marie Kondo," has spawned countless houses minimally occupied by carefully rolled sweaters and perfectly folded linens. She's the decluttering guru for millions.

Could she also be the cybersecurity guru you've been looking for?

"The more time I spend in the cybersecurity world, the more I see people just keep data — not insights — but just keep data for a rainy day," says Grant Wernick, co-founder and CEO of Insight Engines. "Most of the time, nothing ever comes of any of this stuff."

From a security perspective, that "stuff" can be a significant vulnerability. "If you don't have the data to lose in the first place, you can't lose it," Wernick says. But what about all of the value that can come from big-data techniques applied to bottomless lakes of retained data?

"It's always been the recommendation that if you don't need the data, you shouldn't have the data. And that removes the entire risk of losing the data," says Chris Morales, head of security analytics at Vectra. And yet the availability of inexpensive storage has led to a "what if" mentality in many organizations, hoping that someday the techniques will exist to transmute mountains of currently meaningless data into security, marketing, or operational gold.

That sounds very much like the attitude Kondo has built an empire disrupting. Just as she advises individuals to look at each item and ask whether it brings joy (the "KonMari" method), organizations should look at data and ask whether it brings value in excess of its cost. Many organizations lack the formal process to look at data in a rational way.

"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability," says Terence Jackson, CISO at Thycotic. The problem is that holding on to unneeded data can be very expensive — and dealing with it in order to make decisions can be expensive, too.

"Security teams are understaffed and overtasked," Jackson says. "Adding another mandate to look at all the data a company has and building more committees sounds good, but in practice it can be difficult."

Starting a process to figure out which data to keep can be be hard, too — even without the voices that say, in spite of everything, keeping it all is the right answer.

On Twitter, Kris Lahiri, co-founder and CISO of Egnyte, took the expansive view of data retention while arguing in favor of classifying and categorizing information:

He was joined by Twitter user @dak3, who counseled keeping it all because you never know what might be useful in the future.

Vectra's Morales says that even the prospect of someday being able to analyze data shouldn't keep an organization from digitally tidying up on a regular basis. The most important question around keeping data, he says, is, "Why?"

"Just because you can doesn't mean you should," he explains. "We're looking for threats now in security. I think that there is a time limit on the data because it's retrospective at some point," he says. "If I was running a department right now, I would want to keep at least 90 days of data. I think that's reasonable."

The enterprise analogy of joy is simple, Insight Engine's Wernick says. "So many people look at things from, 'Well, what data sources do I have? I'll start there,'" he explains. "Instead, they should be starting from, 'What use cases [do] I have [and] what [do] I want to achieve?'"

These tidying up conversations are beginning to happen, but enterprise security professionals should pursue them with the zeal of Konmari converts. "I have conversations in business and my personal life about cleaning up the data trail because you just never know with some of the companies what their data hygiene is," Thycotic Jackson says. "We should be keepers of our own data. We should understand who's collecting, what they're collecting, and why."

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
michaelmaloney
50%
50%
michaelmaloney,
User Rank: Apprentice
4/9/2019 | 3:54:54 AM
Get up and get at it
What one really needs in order to sit down and actually get your stuff in order, is to actually sit down and get your stuff in order. I don't deny that Marie Kondo has got a good system for getting things started though. It's nice to have a little bit of instruction and direction so that you know how to start with the big pile of mess. But at the end of the day, there's no easy fix or cure to the situation if you don't do something about it all!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:39:38 PM
Re: The Intrinsic Battle with Data Hygiene
THEN those lovely huge notes files had real valiue!!!!! That makes sense. Sometime we could not really re-generate data we need.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:38:18 PM
Re: The Intrinsic Battle with Data Hygiene
I would call it STORAGE worthy. Data per se may get old but it should be retained offsite and on good media. That makes sense. It should also be protected. Sometimes offsite may pose additional risks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:36:40 PM
Re: The Intrinsic Battle with Data Hygiene
What companies need to do is get a true understanding of their data - what they have, where it lives, who has access, how it is being interacted with (data hygiene). Good strategy as long as you keep the data secured.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:35:30 PM
Re: The Intrinsic Battle with Data Hygiene
However, many of them talk about keeping data for "what-if" scenarios or say that "nothing ever really happens with that useless data.This is the dilemma. We need data for analytics, but keeping the data in our environment carries a risk to us.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:33:10 PM
Data
"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability, This really makes sense. If you do not have the data nobody would ask for it.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/29/2019 | 2:17:33 PM
Re: The Intrinsic Battle with Data Hygiene
Delete worthy sounds like an actionable item right now --- I would call it STORAGE worthy.  Data per se may get old but it should be retained offsite and on good media.  This costs next to nothing really and is a good hedge.  YES you may never need it but if you keep it free of open office space per se, it is not visible clutter-  Inventory and note the lot of it and stuff it away secure.  I used to counsel against Lotus Notes email file having too much data clutter and too large.  That was a battle UNTIL A certain day in September 2001 when my datacenter crashed 103 floors to the ground along with the south tower.  THEN those lovely huge notes files had real valiue!!!!!  I never wanted to restrict any file size ever again.  Clutter can be good. 
The Governance Guru
100%
0%
The Governance Guru,
User Rank: Strategist
3/28/2019 | 4:11:43 PM
The Intrinsic Battle with Data Hygiene
There are many great responses to Curtis' reference of Marie Kondo's method being applied to tidying up data. However, many of them talk about keeping data for "what-if" scenarios or say that "nothing ever really happens with that useless data." This is where I have a fundamentally different view. I never really look at any data as "useless", no matter what it is. Marketing material from a campaign 10 years ago may seem delete-worthy, but what if your team decided to run a marketing campaign around the 10 year challenge and you needed to compare those materials with a present-day campaign. What companies need to do is get a true understanding of their data - what they have, where it lives, who has access, how it is being interacted with (data hygiene). From there they can make much more educated/strategic decisions about where data needs to go - archive, backup, active, etc. Modern day governance solutions are a great way to get this ball rolling. Thanks to the proliferation of the cloud, governance solutions can be deployed quickly, are efficient, and cost-effective. IMO this is a much better course of action than to ever simply purge old, "inactive" data.
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
CVE-2019-10134
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
CVE-2019-10154
PUBLISHED: 2019-06-26
A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.
CVE-2019-9039
PUBLISHED: 2019-06-26
The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters ?startkey? and ?endkey? of the ?_a...
CVE-2018-20846
PUBLISHED: 2019-06-26
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).