Compliance and data organization - can they actually live side-by-side?

In our blog post earlier this month we discussed the importance of getting rid of non-essential data…the unused, overtaken-by-events stuff that creates compliance and cyber risks. But an equally important concern is data organization…poorly organized data is where time gets wasted.

Examples

HR data - your HR data is generally subject to compliance requirements. So it should be reasonably segregated with access permissions appropriately set. Typically HR staff would have read/write privileges…owners and managers would normally be set to read-only, unless they are frequently working with that data due to hiring, etc. HR data should not typically be spread across multiple shared folders…unless you are an HR/outsourcing company. Try to keep it as simple as possible.

Sensitive Operational Data - For clinics this equates to operational patient data and patient records. For an accounting firm these are operational client files, tax info, accounting company files, etc. Permissions might be assigned by client or patient groups, various lines of business, or based upon teams. If the team responsibilities are very firmly divided, then each team might be set up with its own shared folders, with permissions assigned accordingly.

But what is the age of the data? Are records from one group beginning to show up in the wrong team’s shared folders? Is this becoming a more common occurrence? Are you seeing an increase in accidental deletions, especially by new users? These may be indicators that either the folder structure is too complicated, or the permission levels for various groups need to be reviewed. Again, can things be simplified?

Manufacturing Data - Enterprise Resource Planning (ERP) systems are more common now than 5 years ago…some are hosted on-premise using virtualised server environments, some are hosted in the cloud, and some are hybrids. Because CAD drawings and other engineering systems impose high processor and memory loads, it is most common to keep all of the associated data files in the same storage system. This keeps the system highly responsive whether based on-prem or in the cloud.

If data is poorly organized, the result is a highly complex folder structure with long path names, which becomes problematic over time. So what is a “path name”? This refers to the path needed to access a specific file…an example would be a path like: e:\drawings\CAD\Bellwether Aircraft\Wings\Right Wing\InnerSpar\Fasteners\StainlessFasteners\Rivets\FlushRivets\Part7844hu89tango_whatever\flush2782.dwg

If you were to take the time to count characters from the “e:” to the “g” in dwg you would get roughly 150 characters. So what’s the big deal?

Most storage systems impose some limit on path length, commonly 256 characters. This means that while the file path will work fine today, eventually the storage or server will need to be upgraded or migrated to another location…and if a long path limitation is in effect, the data may not migrate correctly. And as can be imagined, in the name of description clarity, folder names often become far more “descriptive” (after all a picture is worth a thousand words, right?). In CAD drawings numerous files are linked together…upwards of dozens, if not hundreds, can be linked. And these all depend upon accurate path references. If a single folder name is shortened, the index can be damaged, voiding access to many files.

This means at the outset it is important to plan your storage, folder structure, and naming conventions well…and be cognizant that future changes to the business need to be considered to some extent now.

These are just a few examples, and each industry can be very different from another, but be aware of the following:

  • Your storage folder structure should be as simple as possible within the constraints of your cyber and compliance requirements

  • The permissions structure should be kept as simple as possible, using security groups properly; this generally allows you to create user account “templates”, one template per typical user type. This way the permissions for a new user do not have to be created from scratch: the relevant template is simply copied to create the new user

  • Auditing must be set up on any folders with potentially sensitive data in accordance with organizational policies

  • There may be a registry fix to enable 256+ character path names (operating system dependent)

  • Keep folder names to a reasonable length

  • If your business is successful, you will be migrating data. Count on it.
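To make the path-length discussion above and the "you will be migrating data" point concrete, here is an added example (my own script, not code from the original post). It audits an inventory of file paths against the 256-character ceiling the post mentions, previews what each path's length becomes once the root moves to a longer prefix (a migration from a local drive to a UNC share), and lists the folder names that contribute most to the length so they can be shortened before anything links to them. The first sample path is the post's own CAD example; the other sample paths, the `fileserver01` share name and the 80-character warning margin are constructed for this illustration.

```python
import os
from typing import Dict, Iterable, List, Optional

# Ceiling the post quotes for most storage systems. Anything within WARN_MARGIN
# of it is flagged "at-risk": a new share prefix or one more "descriptive"
# folder level easily adds that many characters (80 is an assumed margin).
PATH_LIMIT = 256
WARN_MARGIN = 80

# Constructed sample inventory. CAD_PATH is the path from the post; the rest
# are made up for this example.
CAD_PATH = (r"e:\drawings\CAD\Bellwether Aircraft\Wings\Right Wing\InnerSpar"
            r"\Fasteners\StainlessFasteners\Rivets\FlushRivets"
            r"\Part7844hu89tango_whatever\flush2782.dwg")
LONG_PATH = (r"e:\drawings\CAD"
             + "".join("\\VeryDescriptiveSubAssemblyFolderName%02d" % i
                       for i in range(6))
             + r"\part.dwg")
SAMPLE_PATHS = [CAD_PATH, r"e:\hr\onboarding\checklist.docx", LONG_PATH]


def classify(path: str, limit: int = PATH_LIMIT, margin: int = WARN_MARGIN) -> str:
    """Return 'over-limit', 'at-risk' (within margin of the limit) or 'ok'."""
    n = len(path)
    if n > limit:
        return "over-limit"
    if n > limit - margin:
        return "at-risk"
    return "ok"


def projected_path(path: str, old_root: str, new_root: str) -> str:
    """Rewrite the root prefix to preview where the file lands after a
    migration. Drive letters are case-insensitive, so compare case-folded."""
    if not path.lower().startswith(old_root.lower()):
        raise ValueError(f"{path!r} is not under {old_root!r}")
    return new_root + path[len(old_root):]


def longest_components(path: str, top: int = 3) -> List[str]:
    """The folder/file names contributing most to the length: the first
    candidates to shorten, before other files link to them."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    return sorted(parts, key=len, reverse=True)[:top]


def audit(paths: Iterable[str], old_root: Optional[str] = None,
          new_root: Optional[str] = None, limit: int = PATH_LIMIT,
          margin: int = WARN_MARGIN) -> List[Dict]:
    """One row per path: current length/status and, when a migration target is
    given, the projected length/status after the root prefix changes. Paths
    outside old_root are not part of that migration and get None."""
    rows = []
    for p in paths:
        row = {"path": p, "length": len(p), "status": classify(p, limit, margin),
               "projected_length": None, "projected_status": None}
        if old_root is not None and new_root is not None:
            try:
                q = projected_path(p, old_root, new_root)
            except ValueError:
                q = None
            if q is not None:
                row["projected_length"] = len(q)
                row["projected_status"] = classify(q, limit, margin)
        rows.append(row)
    return rows


def walk_paths(root: str) -> Iterable[str]:
    """Enumerate every file under a real directory tree, for use on a live share
    instead of the constructed SAMPLE_PATHS."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)


if __name__ == "__main__":
    # Preview a move from the local E: drive to a hypothetical UNC share.
    new_root = r"\\fileserver01\departments\engineering\drawings"
    for row in audit(SAMPLE_PATHS, r"e:\drawings", new_root):
        print(f'{row["length"]:4d} {row["status"]:>10} -> '
              f'{str(row["projected_length"]):>4} {str(row["projected_status"]):>10}  '
              f'{row["path"][:60]}...')
        if row["projected_status"] not in (None, "ok"):
            print("      longest components:", longest_components(row["path"]))
```

Run on a live share, replace `SAMPLE_PATHS` with `walk_paths(r"e:\drawings")` and pass the real target prefix; the projection is what tells you, before the migration, which paths only fit today because the current root is short.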
