Marie Kondo is a cultural phenomenon. Her philosophy of "joy through tidying up," which she shares on the popular Netflix series "Tidying Up With Marie Kondo," has spawned countless houses minimally occupied by carefully rolled sweaters and perfectly folded linens. She's the decluttering guru for millions.
Could she also be the cybersecurity guru you've been looking for?
"The more time I spend in the cybersecurity world, the more I see people just keep data — not insights — but just keep data for a rainy day," says Grant Wernick, co-founder and CEO of Insight Engines. "Most of the time, nothing ever comes of any of this stuff."
From a security perspective, that "stuff" can be a significant vulnerability. "If you don't have the data to lose in the first place, you can't lose it," Wernick says. But what about all of the value that can come from big-data techniques applied to bottomless lakes of retained data?
"It's always been the recommendation that if you don't need the data, you shouldn't have the data. And that removes the entire risk of losing the data," says Chris Morales, head of security analytics at Vectra. And yet the availability of inexpensive storage has led to a "what if" mentality in many organizations, hoping that someday the techniques will exist to transmute mountains of currently meaningless data into security, marketing, or operational gold.
That sounds very much like the attitude Kondo has built an empire disrupting. Just as she advises individuals to look at each item and ask whether it brings joy (the "KonMari" method), organizations should look at data and ask whether it brings value in excess of its cost. Many organizations lack the formal process to look at data in a rational way.
"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability," says Terence Jackson, CISO at Thycotic. The problem is that holding on to unneeded data can be very expensive — and dealing with it in order to make decisions can be expensive, too.
"Security teams are understaffed and overtasked," Jackson says. "Adding another mandate to look at all the data a company has and building more committees sounds good, but in practice it can be difficult."
Starting a process to figure out which data to keep can be be hard, too — even without the voices that say, in spite of everything, keeping it all is the right answer.
On Twitter, Kris Lahiri, co-founder and CISO of Egnyte, took the expansive view of data retention while arguing in favor of classifying and categorizing information:
I believe it's important to keep it all but to identify and classify what you have. You never want to dispose of something that could potentially be useful - but you can prioritize more important/sensitive data and optimize how you manage and store it— The Governance Guru (@GovernanceGuru) March 26, 2019
He was joined by Twitter user @dak3, who counseled keeping it all because you never know what might be useful in the future.
Vectra's Morales says that even the prospect of someday being able to analyze data shouldn't keep an organization from digitally tidying up on a regular basis. The most important question around keeping data, he says, is, "Why?"
"Just because you can doesn't mean you should," he explains. "We're looking for threats now in security. I think that there is a time limit on the data because it's retrospective at some point," he says. "If I was running a department right now, I would want to keep at least 90 days of data. I think that's reasonable."
The enterprise analogy of joy is simple, Insight Engine's Wernick says. "So many people look at things from, 'Well, what data sources do I have? I'll start there,'" he explains. "Instead, they should be starting from, 'What use cases [do] I have [and] what [do] I want to achieve?'"
These tidying up conversations are beginning to happen, but enterprise security professionals should pursue them with the zeal of Konmari converts. "I have conversations in business and my personal life about cleaning up the data trail because you just never know with some of the companies what their data hygiene is," Thycotic Jackson says. "We should be keepers of our own data. We should understand who's collecting, what they're collecting, and why."
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.