Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Tidying Expert Marie Kondo: Cybersecurity Guru?

The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.

Marie Kondo is a cultural phenomenon. Her philosophy of "joy through tidying up," which she shares on the popular Netflix series "Tidying Up With Marie Kondo," has spawned countless houses minimally occupied by carefully rolled sweaters and perfectly folded linens. She's the decluttering guru for millions.

Could she also be the cybersecurity guru you've been looking for?

"The more time I spend in the cybersecurity world, the more I see people just keep data — not insights — but just keep data for a rainy day," says Grant Wernick, co-founder and CEO of Insight Engines. "Most of the time, nothing ever comes of any of this stuff."

From a security perspective, that "stuff" can be a significant vulnerability. "If you don't have the data to lose in the first place, you can't lose it," Wernick says. But what about all of the value that can come from big-data techniques applied to bottomless lakes of retained data?

"It's always been the recommendation that if you don't need the data, you shouldn't have the data. And that removes the entire risk of losing the data," says Chris Morales, head of security analytics at Vectra. And yet the availability of inexpensive storage has led to a "what if" mentality in many organizations, hoping that someday the techniques will exist to transmute mountains of currently meaningless data into security, marketing, or operational gold.

That sounds very much like the attitude Kondo has built an empire disrupting. Just as she advises individuals to look at each item and ask whether it brings joy (the "KonMari" method), organizations should look at data and ask whether it brings value in excess of its cost. Many organizations lack the formal process to look at data in a rational way.

"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability," says Terence Jackson, CISO at Thycotic. The problem is that holding on to unneeded data can be very expensive — and dealing with it in order to make decisions can be expensive, too.

"Security teams are understaffed and overtasked," Jackson says. "Adding another mandate to look at all the data a company has and building more committees sounds good, but in practice it can be difficult."

Starting a process to figure out which data to keep can be be hard, too — even without the voices that say, in spite of everything, keeping it all is the right answer.

On Twitter, Kris Lahiri, co-founder and CISO of Egnyte, took the expansive view of data retention while arguing in favor of classifying and categorizing information:

He was joined by Twitter user @dak3, who counseled keeping it all because you never know what might be useful in the future.

Vectra's Morales says that even the prospect of someday being able to analyze data shouldn't keep an organization from digitally tidying up on a regular basis. The most important question around keeping data, he says, is, "Why?"

"Just because you can doesn't mean you should," he explains. "We're looking for threats now in security. I think that there is a time limit on the data because it's retrospective at some point," he says. "If I was running a department right now, I would want to keep at least 90 days of data. I think that's reasonable."

The enterprise analogy of joy is simple, Insight Engine's Wernick says. "So many people look at things from, 'Well, what data sources do I have? I'll start there,'" he explains. "Instead, they should be starting from, 'What use cases [do] I have [and] what [do] I want to achieve?'"

These tidying up conversations are beginning to happen, but enterprise security professionals should pursue them with the zeal of Konmari converts. "I have conversations in business and my personal life about cleaning up the data trail because you just never know with some of the companies what their data hygiene is," Thycotic Jackson says. "We should be keepers of our own data. We should understand who's collecting, what they're collecting, and why."

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
michaelmaloney
50%
50%
michaelmaloney,
User Rank: Apprentice
4/9/2019 | 3:54:54 AM
Get up and get at it
What one really needs in order to sit down and actually get your stuff in order, is to actually sit down and get your stuff in order. I don't deny that Marie Kondo has got a good system for getting things started though. It's nice to have a little bit of instruction and direction so that you know how to start with the big pile of mess. But at the end of the day, there's no easy fix or cure to the situation if you don't do something about it all!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:39:38 PM
Re: The Intrinsic Battle with Data Hygiene
THEN those lovely huge notes files had real valiue!!!!! That makes sense. Sometime we could not really re-generate data we need.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:38:18 PM
Re: The Intrinsic Battle with Data Hygiene
I would call it STORAGE worthy. Data per se may get old but it should be retained offsite and on good media. That makes sense. It should also be protected. Sometimes offsite may pose additional risks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:36:40 PM
Re: The Intrinsic Battle with Data Hygiene
What companies need to do is get a true understanding of their data - what they have, where it lives, who has access, how it is being interacted with (data hygiene). Good strategy as long as you keep the data secured.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:35:30 PM
Re: The Intrinsic Battle with Data Hygiene
However, many of them talk about keeping data for "what-if" scenarios or say that "nothing ever really happens with that useless data.This is the dilemma. We need data for analytics, but keeping the data in our environment carries a risk to us.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:33:10 PM
Data
"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability, This really makes sense. If you do not have the data nobody would ask for it.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/29/2019 | 2:17:33 PM
Re: The Intrinsic Battle with Data Hygiene
Delete worthy sounds like an actionable item right now --- I would call it STORAGE worthy.  Data per se may get old but it should be retained offsite and on good media.  This costs next to nothing really and is a good hedge.  YES you may never need it but if you keep it free of open office space per se, it is not visible clutter-  Inventory and note the lot of it and stuff it away secure.  I used to counsel against Lotus Notes email file having too much data clutter and too large.  That was a battle UNTIL A certain day in September 2001 when my datacenter crashed 103 floors to the ground along with the south tower.  THEN those lovely huge notes files had real valiue!!!!!  I never wanted to restrict any file size ever again.  Clutter can be good. 
The Governance Guru
100%
0%
The Governance Guru,
User Rank: Strategist
3/28/2019 | 4:11:43 PM
The Intrinsic Battle with Data Hygiene
There are many great responses to Curtis' reference of Marie Kondo's method being applied to tidying up data. However, many of them talk about keeping data for "what-if" scenarios or say that "nothing ever really happens with that useless data." This is where I have a fundamentally different view. I never really look at any data as "useless", no matter what it is. Marketing material from a campaign 10 years ago may seem delete-worthy, but what if your team decided to run a marketing campaign around the 10 year challenge and you needed to compare those materials with a present-day campaign. What companies need to do is get a true understanding of their data - what they have, where it lives, who has access, how it is being interacted with (data hygiene). From there they can make much more educated/strategic decisions about where data needs to go - archive, backup, active, etc. Modern day governance solutions are a great way to get this ball rolling. Thanks to the proliferation of the cloud, governance solutions can be deployed quickly, are efficient, and cost-effective. IMO this is a much better course of action than to ever simply purge old, "inactive" data.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVE-2019-17547
PUBLISHED: 2019-10-14
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17501
PUBLISHED: 2019-10-14
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).
CVE-2019-17539
PUBLISHED: 2019-10-14
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.