At some point you've made good progress to ensure that your credit union is sufficiently protected from data loss. But with the rapid advancement of hacking techniques and the increasing threat to all types of financial organizations, how can you be certain that the protection you've put in place isn't woefully out of date?

In order to assess your data protection capabilities, you first need to determine if you can answer basic questions about data. Can you answer, for any data set, “who has access to it, who is accessing it, who should have access to it, who owns it, when was the last time access was reviewed, which data is critical, and which, if any, critical data is overexposed?” Each question you can't answer represents an opportunity to improve your security.

With more than 23 million records containing personally identifiable information leaked in 2011 alone (source: privacyrights.org), it is more important than ever for organizations to ensure sensitive data is secure. In many organizations, keeping up with data growth and preventing a data catastrophe seems insurmountable with existing IT resources — imagine how it is going to be in a few years without additional skilled staff to help you.

Recent advancements in data governance software automation enable IT to more easily implement steps to prevent data from being misused or stolen. Here are the top seven:

1. Audit Data Access


The first step towards getting your data under control and averting disaster is to properly audit all data access activity. Once your data touches are being audited, you can easily determine who is doing what with your data. Auditing also provides the necessary data to allow IT to determine who owns a data set so they can be involved in deciding who should have access to their data and what constitutes acceptable use.

2. Inventory Permissions and Group Memberships

Once you are tracking what people are doing with your data, you need to look at who has access to what data. A full inventory of permissions for all of your data stores and the folders within them can take time, especially if you're creating it manually. Thankfully you can now automate this. By combining the permissions data with group memberships, you can start to see who has permission to access each file or folder. With this data IT can quickly answer fundamental data protection questions like “Who has access to a data set?” and “Which data sets does a user or group have access to?” This forms the foundation for assessing and cleaning up permissions.

3. Prioritize at-risk data


While all data needs to be protected, not all data is created equal. Some files contain confidential corporate information; other files contain sensitive customer data. By using tools that analyze your data to identify sensitive content and combining that data with other relevant metadata, you will be able to locate files and folders where such data is overexposed.

4. Remove global access groups and revoke broad access rights

In many organizations today, access controls have been in place for years and often much of the data is open to global access groups like the “Everyone” group. Even if this exposed data isn't sensitive or confidential in nature, excessively broad access controls invite trouble. Removing global access groups is a good step towards ensuring that only the right people can get to your data.

5. Identify Data Owners


Once you've done these general housekeeping tasks it is time to look at individual datasets to figure out who is qualified to make access decisions, and designate a data owner. The appropriate owner (or custodian) will often be one of the active users of that data, or their immediate supervisor. Automation can significantly reduce the time it takes to identify data owners, by analyzing access activity over time and indicating likely candidates.

6. Lock down, delete or archive stale data


In many organizations stale data is clogging up vast amounts of storage space, making it harder to manage. In addition to the cost of storing all of this stale data, keeping it on your active servers increases the risk of misuse. Automation can analyze access activity and identify data that is not being used or non-business data, and even move, archive, or delete it.
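
How the audit trail from step 1 can feed steps 5 and 6, as an added example that is not from the article or from any vendor's product: it ranks likely data owners per folder and flags folders with no recent human access. The event format, folder and account names, the write weighting and the 180-day threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample audit trail: (day, user, folder, operation).
EVENTS = [
    (date(2012, 5, 2), "mlopez", "/shares/lending", "write"),
    (date(2012, 5, 9), "mlopez", "/shares/lending", "write"),
    (date(2012, 5, 10), "jchen", "/shares/lending", "read"),
    (date(2012, 5, 11), "jchen", "/shares/lending", "read"),
    (date(2012, 5, 12), "akhan", "/shares/lending", "read"),
    (date(2012, 4, 20), "akhan", "/shares/hr", "write"),
    (date(2011, 9, 15), "jchen", "/shares/old_projects", "write"),
    (date(2012, 5, 30), "svc_backup", "/shares/lending", "read"),
    (date(2012, 5, 30), "svc_backup", "/shares/hr", "read"),
    (date(2012, 5, 30), "svc_backup", "/shares/old_projects", "read"),
]
FOLDERS = ["/shares/lending", "/shares/hr", "/shares/old_projects", "/shares/archive2009"]
SERVICE_ACCOUNTS = {"svc_backup"}  # automated readers say nothing about ownership or use

def human_events(events):
    """Drop service-account activity so backups do not mask stale data."""
    return [e for e in events if e[1] not in SERVICE_ACCOUNTS]

def owner_candidates(events, top_n=2, write_weight=3):
    """Rank users per folder by activity; weighting writes is an assumption of this example."""
    scores = defaultdict(Counter)
    for _day, user, folder, op in human_events(events):
        scores[folder][user] += write_weight if op == "write" else 1
    return {f: [u for u, _ in c.most_common(top_n)] for f, c in scores.items()}

def stale_folders(events, folders, today, max_idle_days=180):
    """Return {folder: idle days}, or None where no human access was ever audited."""
    last = {}
    for day, _user, folder, _op in human_events(events):
        last[folder] = max(last.get(folder, day), day)
    stale = {}
    for folder in folders:
        if folder not in last:
            stale[folder] = None
        elif (today - last[folder]).days > max_idle_days:
            stale[folder] = (today - last[folder]).days
    return stale

if __name__ == "__main__":
    print(owner_candidates(EVENTS))
    print(stale_folders(EVENTS, FOLDERS, today=date(2012, 6, 1)))
```

The ranked names are candidates to confirm with the business, not an automatic assignment of ownership.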

7. Clean up stale groups and access control lists

Unneeded complexity slows performance and makes mistakes more likely. Organizations often have as many groups as they do users – many are empty, unused or redundant. Access control lists often contain references to previously deleted users and groups (also known as “Orphaned SIDs”). These legacy groups and misconfigured access control objects should be identified and remediated to improve both performance and security.
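
The permission inventory from step 2 and the cleanup targets from steps 4 and 7, as an added example that is not from the article or from any vendor's product: it combines folder ACLs with nested group memberships to answer the two access questions, then flags global access groups, orphaned SIDs and empty groups. The users, groups, folders and the SID string are constructed sample data.

```python
# Constructed sample inventory: users, group memberships and folder ACLs.
USERS = {"mlopez", "jchen", "akhan", "tnguyen"}
GROUPS = {
    "Lending-RW": {"mlopez", "jchen"},
    "Loan-Officers": {"Lending-RW", "akhan"},   # nested group
    "HR-Staff": {"akhan"},
    "Old-Project-Team": set(),                  # empty, stale group
}
GLOBAL_GROUPS = {"Everyone", "Authenticated Users", "Domain Users"}
ACLS = {
    "/shares/lending": [("Loan-Officers", "modify"), ("Everyone", "read")],
    "/shares/hr": [("HR-Staff", "modify"), ("S-1-5-21-1111-2222-3333-1105", "read")],
    "/shares/old_projects": [("Old-Project-Team", "modify")],
}

def expand(principal, seen=None):
    """Resolve a user, group or global group to the set of users it covers."""
    seen = set() if seen is None else seen
    if principal in GLOBAL_GROUPS:
        return set(USERS)
    if principal in USERS:
        return {principal}
    if principal not in GROUPS or principal in seen:  # unresolvable, or a membership loop
        return set()
    seen.add(principal)
    members = set()
    for member in GROUPS[principal]:
        members |= expand(member, seen)
    return members

def who_has_access(folder):
    """Answer 'who has access to this data set?' as {user: {rights}}."""
    access = {}
    for principal, right in ACLS[folder]:
        for user in expand(principal):
            access.setdefault(user, set()).add(right)
    return access

def datasets_for(user):
    """Answer 'which data sets does this user have access to?'."""
    return sorted(f for f in ACLS if user in who_has_access(f))

def findings():
    """Flag ACL entries that steps 4 and 7 say to clean up."""
    out = []
    for folder, entries in sorted(ACLS.items()):
        for principal, _right in entries:
            if principal in GLOBAL_GROUPS:
                out.append((folder, principal, "global access group"))
            elif principal not in USERS and principal not in GROUPS:
                out.append((folder, principal, "orphaned SID"))
            elif principal in GROUPS and not expand(principal):
                out.append((folder, principal, "empty group"))
    return out
```

In the sample, tnguyen can read the lending share only through the “Everyone” entry, which is the overexposure step 4 removes.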

Automation is the only way forward given the vast number of processes which the average IT security manager has to manage, and the almost infinite number of threats which the hacking community has forced us to defend ourselves against. By following the above suggestions and sticking to the seven steps you can be confident your organization's data is secure.

David Gibson is vice president of strategy at Varonis in New York City.
