The Unstructured Data Problem Not Yet Solved - Brent Bigelow - Guardians of the Data - Episode #39
How much of your company’s data is completely unknown? And what risk is it creating?
In this episode, Ward sits down with Brent Bigelow: security consultant, President of the Charlotte ISSA, and a cybersecurity veteran with nearly four decades of experience. They unpack one of the most persistent and overlooked challenges in data security: unstructured data.
Brent shares why unstructured data remains the “wild west” of security, how it quietly grows through everyday business operations, and why most organizations still struggle to get their arms around it, especially in the context of mergers and acquisitions.
The conversation explores how “shadow business” contributes to data sprawl, why traditional approaches like classification and DLP fall short, and how the rise of AI is accelerating both the risk and complexity of managing unknown data. Brent also reflects on his career journey from the pre-internet era to today’s AI-driven landscape, offering hard-earned lessons on sustainability, leadership, and staying curious in a rapidly evolving field.
Takeaways:
- Audit Your Unstructured Data: You can't protect what you don't know you have. Dedicate a formal project to discovering, cataloging, and classifying unstructured data across your organization, especially after mergers and acquisitions.
- Establish and Enforce a Data Governance Policy: Policy is the "stake in the sand." Define where data should live, in what formats, and who owns it. Without written policy, you have nothing to point to when a breach or compliance issue surfaces.
- Watch Out For "Shadow Business," Not Just Shadow IT: Business units are storing data in unauthorized places just as often as rogue IT does. Extend your data governance conversations beyond IT to include business unit leaders.
- Control Privilege and Access as People Leave: When employees move on, they often take data access, or even the data itself, with them. Enforce least-privilege and revoke access promptly at offboarding.
- Treat AI Ingestion of Unstructured Data as a Risk: If your organization is deploying Copilot, generative AI, or any LLM that touches internal data, understand what unstructured data it's consuming. Garbage in, garbage out, and the "garbage" could be sensitive or regulated data.
- Don't Let Duplicate Data Pollute Your AI Models: Version control and de-duplication matter more now than ever. Unmanaged duplicates degrade AI output quality and can introduce conflicting or outdated information into critical workflows.
- Know Your Data Classification Framework and Actually Use It: Internal use, confidential, public. Make sure employees understand how to label data and where each classification belongs.
Quote of the Show:
- “Unstructured data is no different than the ocean: it just keeps rising.” - Brent Bigelow
Links:
- LinkedIn: https://www.linkedin.com/in/brent-bigelow-02b7791/
- Website: https://www.charlotteissa.org/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
