By Tony Berning, Senior Product Manager at NextLabs
NextLabs routinely advises customers whose businesses handle Controlled Technical Data (CTD) governed by regulations such as ITAR, EAR, and data regulations in non-US Jurisdictions. NextLabs helps these customers to take a proactive, systematic approach to managing CTD throughout its lifecycle. Many of these enterprises have been in business for decades, creating substantial CTD internally as well as acquiring additional CTD through various business transactions and transformations. The CTD can often be found across every type of electronic storage that has ever been used in the enterprise. A portion of this CTD, in some cases a substantial portion, has reached Legacy CTD status, which means that it is no longer actively used in the normal business operations of the enterprise.
Windows file shares were the first large-scale devices to democratize the storage of Enterprise data, making large amounts of storage available to almost every user with little supervision or control over what types of data were stored. These file shares in global enterprises often contain a mix of CTD that was or still may be managed by applications, as well as data that was put on the file share because the creator, manager, or user didn’t know where else to put it. In our experience, Windows file shares are a ubiquitous treasure trove of Legacy CTD, and an excellent choice to learn more about your Legacy CTD.
The first step in approaching Legacy CTD on file shares is to get an accurate listing of file shares across the enterprise. Then, develop a high level map of what CTD is stored on each file share, and, if possible, how frequently the CTD is accessed. Next, determine if the data is associated with a product or service family that is currently sold or serviced by a business in the enterprise. If the data meets this test, then involve the owners of the product or service family to determine whether the data is required by the business. If the business does not need the data, it can be classified as Legacy CTD and removed from the file share to a secure storage location to which users do not have access without special permissions.
If the CTD identified is not associated with a current product or service family, the frequency of access can be used as a proxy for determining the need for availability. After choosing a point in time, e.g., five years, all data that has not been accessed between the chosen point in time and today can be moved to a secure storage location as discussed above.
nextlabs.wordpress.com 