Case Study
Data Mapping: How to Make It Work
A data map can make e-discovery and regulatory compliance a lot simpler, but the difficulties of getting there are well-known. Bruce Phillips offers tips from Fidelity National Financial's data mapping project.
By Joan Goodchild, Senior Editor
August 11, 2009 — CSO —
Data mapping is not for the faint of heart, according to Bruce Phillips. Phillips is Vice President, Information Security Manager at Fidelity National Financial, a provider of title insurance, specialty insurance and claims management services. Phillips said Fidelity National started the process of creating a data map, or a consolidated system that tracks the contents of multiple databases, over two years ago. He quickly found it to be a huge behemoth of a project.
After a year on their own, Phillips and Fidelity National changed course and invested in a data mapping product from Exterro Inc. Still, even with a product to align the process, and plenty of assistance from staff, Phillips said the data mapping process is arduous and requires commitment of both time and resources. But the end benefit is that the company now has a much firmer grasp of its systems and can quickly respond to data requests.
Here, Phillips details the data mapping project at Fidelity National and gives advice to other organizations considering such a project.
CSO: What prompted Fidelity National Financial to start this process?
Bruce Phillips: One of the challenges businesses have, particularly today, is mergers and acquisitions. It results in a lot of changes in business structure. And keeping track of what systems you have, who are the key players within those systems, becomes an increasing challenge. Whether it is for business continuity, litigation support, legal hold or information security and DLP [data loss prevention], it becomes just a nightmare. What we have found is creating a data map, however you go about doing it, gives you that bit of knowledge that helps you stay on top of an ever-changing landscape.
So you were hoping data mapping would address several issues for you?
Absolutely. Data mapping is a hard thing to accomplish. It's expensive to do, especially if you don't get it right the first time. Once you create it, it's a living and breathing thing. You have to keep it up and maintain it. You must have a commitment to add resources and staff and time to just manage the data map itself, no matter what you are doing it for.
If you do a data map to map everything for just legal or regulatory or IT or just BCO, that is a hard sell because it is expensive. If you don't have multiple constituents, don't try it. That's my advice to anyone. Unless you have a lot of uses for it, it's just too hard to do.



