Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

The Role of Unstructured Data in GenAI: From Key Driver to Top Challenge

Author

Jack Berkowitz

Chief Data Officer at Securiti

Listen to the content

This post is also available in: Brazilian Portuguese

Not a day goes by without a new “breaking” headline emerging about generative AI. The topic runs the gamut from the overwhelming opportunities that AI can unlock for businesses to the staggering risk these new technologies hold … to how regulators are dealing with the frenzy of AI-related activity (new GenAI models being released, new products being built and launched with GenAI technology) to shape the future of AI governance. In March, the European Union adopted a sweeping set of regulations around the use of AI by businesses in the form of the EU AI Act — and the US Treasury Department issued a report on the safe use of AI in FinServ just two weeks later. The discussion, however broad, has shifted to a real concern about managing, using, and governing unstructured data.

Cybersecurity, privacy, and data teams are now finding themselves having to react — and react quickly — to take advantage of generative AI technology and, at the same time, ensure that their customers are protected and their companies can meet compliance. And that means, among other things, quickly learning how to deal with unstructured data.

Back to basics: What is unstructured data, and why does it put a knot in your stomach?

Unstructured data refers to data that does not have a predefined data model or is not organized in a traditional row-column database format. It’s typically text-heavy and lacks the structural organization and properties of structured data — for example, all of the documents, emails, social media posts, web pages, and multimedia content that a company may have or own. It can also include all the regulations and policies that companies may need to adhere to, such as tax codes or insurance terms of coverage.

While the majority of most organizations’ data is of the unstructured variety, the bulk of their data management investments are in structured data, which lives in databases or spreadsheets. Semi-structured data has also received some attention over the past several years, with many companies improving their handling of formats like XML documents or returns from APIs in JSON format, which are often used in integrations for exchanging data within or between companies.

But, for most companies, this still leaves enormous volumes of unstructured data deprioritized at best and neglected at worst. Unstructured data management and handling has simply not seen the same level of attention as its structured-data counterpart, with many organizations even struggling to identify all the locations where their unstructured data might live — across which shared drives, cloud systems, applications, and so on. And once it is identified, unstructured data requires different, more complex management and specialized techniques in order for data teams to extract meaningful insights and patterns from it — techniques such as natural language processing, text mining, and machine learning.

Enter GenAI: Why unstructured data is especially relevant in new GenAI technologies

Unstructured data is the driving input for most generative AI systems, particularly for language models and multimodal systems (think picture and video applications), for several reasons:

  1. Massive training data: Generative AI models require massive amounts of training data to learn patterns and representations, and unstructured data provides a rich and diverse source of information.
  2. Natural language understanding: Unstructured text data — such as books, articles, and websites — is crucial for developing natural language understanding capabilities in AI systems. Language models like OpenAI GPT-4 and Anthropic Claude are trained on vast amounts of unstructured text data, enabling them to understand and generate human-like text.
  3. Contextual understanding: Unstructured data often contains rich contextual information, such as sentiment, tone, and implicit relationships, which are essential for AI systems to develop a deep understanding of human communication and behavior.
  4. Domain-specific knowledge: Unstructured data from specific domains — like medical records, legal documents, or scientific papers — can provide valuable domain-specific knowledge for AI systems, enabling them to generate more accurate and relevant outputs in those domains.

Whether a company licenses access to a commercial generative AI system or wants to build or fine-tune its own, the critical components are the documents, images, videos, and other content used to train the system—which provides the context around which the system operates.

Companies’ challenges around unstructured data

For most organizations, unstructured data is inherently difficult to manage, govern, and secure. Here are a few reasons why:

  1. Volume and variety: The sheer volume and variety of unstructured data sources — from emails to documents to social media posts to multimedia files — is the core issue, making it difficult for teams to keep track of and enforce consistent governance and security policies across the organization.
  2. Uncontrolled access and sharing: Once created, unstructured data proliferates rapidly across various systems, devices, and cloud services as people copy, modify, manipulate, and share the content, making it easy to lose track of the data’s original provenance.
  3. Data silos and ambiguous ownership: Compounding this, unstructured data is often created and managed by different departments or individuals within an organization, leading to data silos and ambiguity around data ownership and accountability. While structured data is more likely to have known ownership within an organization due to understood security or cost implications, a company’s unstructured data is often either sequestered for legitimate reasons (e.g., upcoming commentary for an acquisition) or for less desired causes (e.g., political boundaries between divisions).
  4. Inconsistent formats: Finally, the formats of unstructured data are varied. Whereas structured data has collapsed into a small set of universal standards, SQL being a principal one, unstructured content systems have a multitude of formats and legacy patterns. The tools needed to manage these formats in a unified way are unique and require a commitment from the organization to deploy and use them.

In the past, Enterprise Content Management (ECM) systems gained popularity for their ability to manage and organize unstructured data, including documents, images, and other content. However, due to cost, architecture, user experience, and—most notably—many companies’ migration to the cloud, they fell out of favor with most businesses.

Today, many organizations have opted to replace or augment ECM systems with more modern, cloud-native, AI-powered content services platforms that better align with their digital transformation initiatives and the evolving needs of managing unstructured data at scale. Today, systems like Microsoft’s Office365, Atlassian Confluence, and Google’s Office Suite dominate usage. Unlike their ECM predecessors, these systems are flexible and easy to use, which is great for creative use but still doesn’t do much from a governance or security perspective.

How companies can start to tackle the unstructured data problem

To effectively manage their unstructured data, companies should implement the following strategies:

  1. Data discovery and classification: Identify and classify unstructured data assets across the organization, including documents, emails, multimedia files, and other content. Use data discovery tools, machine learning, and natural language processing to automate the process and categorize data based on sensitivity, content, and purpose.
  2. Data governance framework: Establish a comprehensive data governance framework that defines policies, roles, and responsibilities for managing unstructured data throughout its lifecycle. This includes data creation, storage, access, retention, and disposal.
  3. Metadata management: Implement metadata management practices to enrich unstructured data with contextual information, such as data owners, access permissions, retention periods, and other relevant metadata.
  4. Access controls and data security: Apply appropriate access controls, encryption, and data loss prevention (DLP) measures to protect sensitive unstructured data from unauthorized access, data breaches, or accidental exposure.
  5. Data lifecycle management: Define and enforce policies for data retention, archiving, and disposal. Automate processes for managing data lifecycle stages, ensuring compliance with regulatory requirements and minimizing data storage costs.
  6. Cloud and on-premises integration: Develop strategies to manage unstructured data across cloud and on-prem environments, ensuring consistent governance, security, and compliance across hybrid infrastructure.
  7. Continuous monitoring and auditing: Implement processes to track data access, usage, and potential data leakage or misuse.

Overcoming the challenges presented by unstructured data requires a comprehensive data governance strategy that includes data discovery, classification, access controls, lifecycle management, and robust security measures. Organizations need to invest in specialized tools and technologies and train and educate their employees on best practices for handling and securing unstructured data.

For the first time, Securiti, the pioneer of the Data Command Center, and Lacework, a best-in-class Cloud Native Application Protection Platform (CNAPP), come together with a strategic, collaborative solution built to empower enterprises to manage and safeguard their unstructured data across complex multicloud environments. Learn more about how the combined solution can protect you and your data — everywhere, at scale — and contribute to your peace of mind.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


Share

More Stories that May Interest You
Videos
View More
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
Databricks AI Summit (DAIS) 2025 Wrap Up
5 New Developments in Databricks and How Securiti Customers Benefit Concerns over the risk of leaking sensitive data are currently the number one blocker...
Inside Echoleak View More
Inside Echoleak
How Indirect Prompt Injections Exploit the AI Layer and How to Secure Your Data What is Echoleak? Echoleak (CVE-2025-32711) is a vulnerability discovered in...
What Is Data Risk Assessment and How to Perform it? View More
What Is Data Risk Assessment and How to Perform it?
Get insights into what is a data risk assessment, its importance and how organizations can conduct data risk assessments.
What is AI Security Posture Management (AI-SPM)? View More
What is AI Security Posture Management (AI-SPM)?
AI SPM stands for AI Security Posture Management. It represents a comprehensive approach to ensure the security and integrity of AI systems throughout the...
Beyond DLP: Guide to Modern Data Protection with DSPM View More
Beyond DLP: Guide to Modern Data Protection with DSPM
Learn why traditional data security tools fall short in the cloud and AI era. Learn how DSPM helps secure sensitive data and ensure compliance.
Mastering Cookie Consent: Global Compliance & Customer Trust View More
Mastering Cookie Consent: Global Compliance & Customer Trust
Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.
View More
Key Amendments to Saudi Arabia PDPL Implementing Regulations
Download the infographic to gain insights into the key amendments to the Saudi Arabia PDPL Implementing Regulations. Learn about proposed changes and key takeaways...
Understanding Data Regulations in Australia’s Telecom Sector View More
Understanding Data Regulations in Australia’s Telecom Sector
Gain insights into the key data regulations in Australia’s telecommunication sector. Learn how Securiti helps ensure swift compliance.
Gencore AI and Amazon Bedrock View More
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
DSPM Vendor Due Diligence View More
DSPM Vendor Due Diligence
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
What's
New