Dark data and data governance blind spots: what teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Dark data makes unmanaged, unclassified information the weak point in enterprise security, with Splunk's State of Dark Data survey finding that 55% of enterprise data is dark on average. The issue is not just storage sprawl, but the fact that access governance, classification, retention, and audit controls cannot defend what they never inventory.

NHIMG editorial — based on content published by Netwrix: Dark data explained, why invisible data is a security problem

Questions worth separating out

Q: What breaks when dark data is not inventoried?

A: When dark data is not inventoried, classification, retention, encryption, and access review all lose their operational target.

Q: Why does dark data increase compliance risk for regulated industries?

A: Dark data increases compliance risk because privacy and sector rules depend on knowing where regulated information lives and why it is retained.

Q: How can security teams tell whether dark data governance is working?

A: Teams should look for a shrinking number of unknown stores, a current inventory, documented owners, and remediation records tied to each high-risk location.

Practitioner guidance

  • Inventory high-risk data stores first. Start with cloud object storage tied to production, legacy file shares, Microsoft 365 repositories, SaaS exports, backups, and archive tiers.
  • Map effective permissions to every discovered store. Export the effective-permissions view alongside classification results so security, IAM, and data owners can see which identities can actually reach each repository.
  • Assign ownership and retention decisions. Require a named business owner for each store, then force an explicit decision on whether the data is still needed and whether access reflects least privilege.

What's in the full article

Netwrix's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step discovery and classification sequence for file shares, object storage, and SaaS repositories
  • Practical retention and deletion decision flow for regulated and unowned data stores
  • Examples of where dark data commonly accumulates in hybrid environments, including logs, archives, and exports
  • Operational guidance on tying discovery results into remediation and audit evidence workflows

👉 Read Netwrix's analysis of dark data and data governance blind spots →
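
An added example, not part of the original post or the Netwrix article: one way to join a discovery scan against the inventory and an effective-permissions export, following the three guidance steps above. The store names, field names and sample rows are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the article); all field names are assumptions.
DISCOVERED = ["s3://prod-exports", "smb://fs01/legacy", "m365:finance-site", "s3://old-backups"]
INVENTORY = {
    "s3://prod-exports": {"owner": "data-platform", "classification": "regulated", "retention": "keep-1y"},
    "smb://fs01/legacy": {"owner": None, "classification": None, "retention": None},
    "m365:finance-site": {"owner": "finance", "classification": "regulated", "retention": None},
}
# (store, identity, identity kind) rows, as an effective-permissions export might list them
EFFECTIVE_PERMS = [
    ("s3://prod-exports", "svc-etl", "non-human"),
    ("smb://fs01/legacy", "Domain Users", "group"),
    ("smb://fs01/legacy", "svc-backup", "non-human"),
    ("s3://old-backups", "ci-deploy-key", "non-human"),
    ("m365:finance-site", "alice", "human"),
]

def governance_gaps(discovered, inventory, perms):
    """Return one finding per discovered store that has a governance gap."""
    reach = defaultdict(list)
    for store, identity, kind in perms:
        reach[store].append((identity, kind))
    findings = []
    for store in discovered:
        record = inventory.get(store)
        if record is None:
            gaps = ["not-inventoried"]  # no downstream control can target it
        else:
            gaps = [f"no-{field}" for field in ("owner", "classification", "retention")
                    if not record.get(field)]
        if gaps:
            findings.append({"store": store, "gaps": gaps,
                             "identities": sorted(reach[store])})
    # Uninventoried stores first, then most gaps, then widest reach
    findings.sort(key=lambda f: ("not-inventoried" not in f["gaps"],
                                 -len(f["gaps"]), -len(f["identities"]), f["store"]))
    return findings

def unknown_store_count(discovered, inventory):
    """Count of discovered stores missing from the inventory (should shrink over time)."""
    return sum(1 for store in discovered if store not in inventory)

if __name__ == "__main__":
    for finding in governance_gaps(DISCOVERED, INVENTORY, EFFECTIVE_PERMS):
        print(finding["store"], finding["gaps"], finding["identities"])
    print("unknown stores:", unknown_store_count(DISCOVERED, INVENTORY))
```

Each finding lists the identities that can reach the store, so the same report can be handed to the named owner as the remediation record for that location.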




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Dark data is really an identity problem disguised as a storage problem. The article shows that if a store is never inventoried, then no access review, classification rule, or retention control can meaningfully govern it. That means the security issue is not just where data sits, but which identities can reach unknown repositories without oversight. Practitioners should treat undiscovered stores as unmanaged access surfaces, not just unused storage.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1 in 4 organisations are already investing in dedicated NHI security capabilities, which means most teams are still trying to govern machine access without dedicated controls.

A question worth separating out:

Q: Who should own dark data remediation in an organisation?

A: Dark data remediation usually needs shared accountability across security, data governance, IAM, and business owners. Security can discover and prioritise the stores, but only data owners can decide retention, deletion, and access purpose. Without assigned ownership, the same ungoverned data will persist across review cycles.

👉 Read our full editorial: Dark data is exposing the blind spots in data governance



   