Are spreadsheets the silent killer of data security for large enterprises?


Jason Ambrose

Vice President of Strategic Partnerships

The devasting impacts of data breaches have made explosive headlines in recent years, causing enterprises everywhere to invest significantly in data security improvements. It’s pretty easy to see why: breaches can put hundreds of millions of dollars and company reputations at risk. What’s more, the standard of care to protect personal data rises almost daily and requires continuous oversight.

Beyond the protection of personal data, IT and security organizations must also protect its sensitive corporate information. Much of this data—financial and business forecasts, salary data, M&A modeling, and strategic plans—is as or even more valuable than troves of personal data. It also remains vulnerable to the same risks as personal data breaches and even more vulnerable to employee mishandling when used on a daily basis.

One area that has seemingly escaped all efforts to lock down data-security best practices is the widespread use of spreadsheets throughout large enterprises. Yet despite this being a long-neglected risk that is present in many organizations today, its hazards can be addressed and remedied quickly and simply.

Let’s take a look at how enterprises approach data security today, what causes a high dependency on spreadsheets, and how both roads lead toward finding a solution through a single, unified planning platform.

Today’s approach to data security

To manage the increasing risk of data breaches, enterprises have adopted new standards for managing their data. Most enterprises have clear data classification policies that organize data in public and private categories that designate how well the data should be protected.

These classification policies then inform a data management policy that describes how the data should be handled. In doing so, the policy addresses issues such as:

  • Access: Who has access to the data.
  • Usage: Which users can use the data and how they can use or modify it.
  • Integrity: The steps required to ensure data integrity and where the data resides.
  • Integration: Rules that govern how data is shared and used in other systems.

These classification and data management policies often inform a minimum set of technical security requirements for data in each category, with which IT organizations generally comply faithfully in their supported systems.

The expensive cost of convenience

So, what happens to this data once it it’s classified and complied with? It invariably ends up in spreadsheets as users look to escape the limitations of source systems—particularly around planning processes. While certainly convenient, this can be quite perilous since spreadsheets are meant to be personal productivity tools.

Spreadsheets are flexible, easy to use, and easy to modify, but they are not designed to store and protect sensitive corporate data. So, why have they become a breeding ground for employees who handle sensitive information?

When employees have to work with the level of math typically required for planning and analysis—math that goes above and beyond simple transactional data—the best available option has historically been to dump the data in a spreadsheet, build some modeling around it, and then share it around with colleagues.

However, there is an extreme danger in this approach to data handling. Once that data escapes the stewardship of the data security policies, all bets are off. Spreadsheets do not enforce data management policies and security standards without onerous restrictions that few users suffer. Don’t believe me? Just consider the last time you opened a spreadsheet that required a password.

As a result, IT is no longer able to answer critical questions about its fugitive data such as:

  • Where is the data physically?
  • Who has access to it? Equally important: Who had access to it?
  • What data is stored in these spreadsheets?
  • Where have the spreadsheets gone?
  • Where have their host devices been and who has had access?
  • Where has that data passed in transit?

Data protection that leads to a happier ending

Fortunately, there is an alternative to spreadsheets that can make both users and IT organizations happy while also providing peace of mind: A cloud-based, enterprise-planning platform.

From a user’s perspective, a planning platform such as Anaplan can provide them with the same flexibility as Excel but with much greater scale. Moving from spreadsheets to our platform also allows for greater collaboration and consistency because Connected Planning links many processes across the organization to the same data definitions and drivers.

For IT and security organizations, the Anaplan platform can help reduce spreadsheet-sharing and its proliferation by bringing modeling and collaboration into a single platform. The platform also provides benefits common to cloud security models:

  • User-access models: governance of user access and usage appropriate to roles.
  • Data standardization: single repository for data definitions.
  • Encryption: at rest and in transit.
  • Known physical residency: no longer distributed on personal devices.

While we focus much of our story around our passion for Connected Planning, our platform also provides many invaluable benefits to IT leaders and their business-side colleagues.

Among the vast enterprise-wide benefits of adopting a Connected Planning platform, consider these data security benefits as you work with us and our partners along your Connected Planning journey.

Interested in Anaplan’s bring your own key (BYOK) encryption solution and hearing how it helps customers sleep soundly at night?

Learn more