Until organizations start to shift the responsibility to business data owners, it is IT that has to enforce rules for who can access what on shared file systems and keep those strictures current through data growth and user role changes.

The ten must-do actions for maximizing unstructured data protection are:

• Data Entitlement (ACL) Reviews
• Revocations of Unused and Unwarranted Permissions
• Removal of Global Group ACLs like "Everyone"
• Deletion or Archiving of Stale or Unused Data
• Deletion of Unused User Accounts
• Identification of Data Business Owners
• Preservation of All User Access Events in Searchable Archive
• Continuous Auditing of Key User Accounts
• Continuous Auditing of Key Data Folders
• Continuous Auditing of Security Settings to Data