Shining a light on dark data: How companies can institute effective data governance

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for successLearn More

For many businesses, budget season is officially here. And if next year resembles previous years, companies will earmark as much as 7.5% of their total IT spending on data governance, or managing the availability and security of data in their enterprise systems. For larger organizations, data governance can quickly become a $20 million line item on the budget. 

But in a recent study, two-thirds of corporate IT leaders said that managing structured data is their top priority, while unstructured data is less of a concern. This means that a surprising number are likely leaving sensitive information unprotected. 

Optimizing security strategies during an acute talent shortage



Duration 18:08


Current Time 0:02Advanced SettingsFullscreenPlayUp Next

Unstructured data, which exists in various forms in virtually every corner of an organization, is filled with hidden operational risks to businesses. Losing track of it means leaving the door open to bad actors and leaving a company unprepared for financial audits or other scrutiny. 

At a time when cybercrime is at an all-time high, leaving the management of unstructured data on the back burner is no longer a wise option. Businesses need a data governance strategy encompassing all of their information, regardless of format. 


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

Register Now

Fortunately, there are specific steps any business can take to govern the full range of data it generates instead of narrowly focusing on just one set. 

Understand your data

The first step to governing data is understanding it. That includes everything from survey results and maintenance reports to unused USB keys and handwritten notes. 

A large majority of data (80% to 90%) is unstructured information, such as video, audio, social media posts and scanned documents. Unfortunately, too many data programs allow this to exist as a blind spot. And without the tools to analyze this massive and growing data category, businesses are leaving vast amounts of valuable data on the table — and leaving potential risks unaddressed.

Actual data governance means understanding where all this data is, how it is stored and who in the organization can access it. The first step to effective governance is completing a thorough digital inventory of all data. This should incorporate automation for scale, efficiency and accuracy, and be viewed through a vertical-specific lens to leave no stone unturned.

De-risk your data


Once your organization has a thorough accounting of data of all kinds, it’s time to start the de-risking process. 

In my company’s work with businesses in a variety of industry verticals, we have discovered that an inventory of all data generally produces a breakdown that looks like this:

  • About 12% of business data is mission-critical.
  • About 23% of data is redundant, obsolete or unimportant.
  • About 65% of data in the organization is “dark” — sitting unused and hidden in various networks, personal files, emails and other corners.

The dark areas hold cybersecurity risks for businesses, and these areas account for as much as two-thirds of the data businesses generate. Rather than waiting for a breach to catalyze de-risking this data, companies should proactively invest in people and technology to delete, recategorize secure, or otherwise manage dark datasets. 


Dark data: Educate your workers

Employees from the bottom to the top of the organization handle sensitive information, including codes, passwords and financial data. Unsurprisingly, human error is among the main culprit in data breaches. 

For this reason, data security training should become a pillar of all job training and begin on day one. Security policies should become second nature to everyone in the organization, from the administrative assistant to the CEO. Establish formal procedures, and update them as needed. 

Use smart policy management


An effective data governance structure is essential, and acquiring data discovery technology is just the beginning of creating it. Your organization also needs experts who can serve as data owners and stewards. 

Because a thorough data inventory might mean accounting for and managing as many as 100,000 unstructured files, the ownership and stewardship roles cannot be simply tacked on to executive job descriptions. Instead, embedding data privacy, protection and security by design requires automation and specialists’ full attention. 

Think of breaches in terms of when, not if

There are record numbers of bad actors circling the digital perimeters of every business, and unstructured data is one of their favorite entry points. For this reason, companies should think in terms of when a data breach will occur, not if.


More than 80% of U.S.-based businesses have been breached or hacked in an attempt to steal or expose data, and the number gets worse when looking worldwide. 

The numbers of hackers and attempts are not expected to dwindle, so it is up to businesses to proactively prevent breaches. Viewing them as a virtual certainty is a good start; it’s not pessimism but realism. 

However, even though the statistics are grim, your company does not have to be included in them. There are steps any company can take to keep its digital perimeters secure. 

Proper corporate security begins with understanding where the risks lie, and an inordinately high number of them lie in your industry-specific unstructured data. This data may seem challenging to collect and secure, but the right combination of technology, industry insight and human expertise can accomplish just that. 


Organizations must keep unstructured data in mind as they budget for data security. And by following these steps, companies can ensure that this kind of data no longer serves as a “welcome” sign to those who would do them harm.

Daren Trousdell is the chairman and CEO of NowVertical Group.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read More From DataDecisionMakers