Tidying Expert Marie Kondo: Cybersecurity Guru?

Published: 23/11/2024   Category: security


The KonMari method of decluttering can be a huge step toward greater security, according to a growing number of executives.



Marie Kondo is a cultural phenomenon. Her philosophy of joy through tidying up, which she shares on the popular Netflix series Tidying Up With Marie Kondo, has spawned countless houses minimally occupied by carefully rolled sweaters and perfectly folded linens. She's the decluttering guru for millions.
Could she also be the cybersecurity guru you've been looking for?
"The more time I spend in the cybersecurity world, the more I see people just keep data — not insights — but just keep data for a rainy day," says Grant Wernick, co-founder and CEO of Insight Engines. "Most of the time, nothing ever comes of any of this stuff."
From a security perspective, that "stuff" can be a significant vulnerability. "If you don't have the data to lose in the first place, you can't lose it," Wernick says. But what about all of the value that can come from big-data techniques applied to bottomless lakes of retained data?
"It's always been the recommendation that if you don't need the data, you shouldn't have the data. And that removes the entire risk of losing the data," says Chris Morales, head of security analytics at Vectra. And yet the availability of inexpensive storage has led to a "what if" mentality in many organizations, hoping that someday the techniques will exist to transmute mountains of currently meaningless data into security, marketing, or operational gold.
That sounds very much like the attitude Kondo has built an empire disrupting. Just as she advises individuals to look at each item and ask whether it brings joy (the KonMari method), organizations should look at data and ask whether it brings value in excess of its cost. Many organizations lack the formal process to look at data in a rational way.
"Holding on to data too long can be a liability, and getting rid of it too quickly can be a liability," says Terence Jackson, CISO at Thycotic. The problem is that holding on to unneeded data can be very expensive — and dealing with it in order to make decisions can be expensive, too.
"Security teams are understaffed and overtasked," Jackson says. Adding another mandate to look at all the data a company has and building more committees sounds good, but in practice it can be difficult.
Starting a process to figure out which data to keep can be hard, too — even without the voices that say, in spite of everything, keeping it all is the right answer.
On Twitter, Kris Lahiri, co-founder and CISO of Egnyte, took the expansive view of data retention while arguing in favor of classifying and categorizing information:
He was joined by Twitter user @dak3, who counseled keeping it all because you never know what might be useful in the future.
Vectra's Morales says that even the prospect of someday being able to analyze data shouldn't keep an organization from digitally tidying up on a regular basis. The most important question around keeping data, he says, is, "Why?"
"Just because you can doesn't mean you should," he explains. "We're looking for threats now in security. I think that there is a time limit on the data because it's retrospective at some point," he says. "If I was running a department right now, I would want to keep at least 90 days of data. I think that's reasonable."
The enterprise analogy of "joy" is simple, Insight Engines' Wernick says. "So many people look at things from, 'Well, what data sources do I have? I'll start there,'" he explains. "Instead, they should be starting from, 'What use cases [do] I have [and] what [do] I want to achieve?'"
These "tidying up" conversations are beginning to happen, but enterprise security professionals should pursue them with the zeal of KonMari converts. "I have conversations in business and my personal life about cleaning up the data trail because you just never know with some of the companies what their data hygiene is," Thycotic's Jackson says. "We should be keepers of our own data. We should understand who's collecting, what they're collecting, and why."