By Scott Masson, VP Product Management, TITUS
The volume of data being created, shared, and stored is growing exponentially with no sign of slowing down. With more people accessing and storing files in a multitude of network and cloud repositories, your sensitive data could be anywhere. Collaboration among employees, partners, and customers is key, but there must be a balance between information sharing and information protection.
There was a time when there were only hard copies of files; someone typed them up, perhaps photocopied them a few times, but they were easier to trace and control. Today, the reality of information sharing paints a vastly more complicated picture.
A document today is created digitally, and in several steps. An employee — let’s call her Carol — creates a draft, sends it around to a few people for an initial review, then incorporates their feedback into the next version. From there, she finalizes the draft and sends it to the boss for review. She then sends the completed revision to its final audience via email and posts it in SharePoint or saves it to a network drive (among numerous other options).
And what about the other people with whom she shared it? Did they download their own copies to save their changes? Did they send it to someone else within the company to get further input? Did someone save it to the cloud to read at home later? The document that started as a single file may now exist in many places. It’s obvious how quickly a data footprint expands.
What about some of the external factors impacting this data? Options for data storage are expanding, with cloud storage becoming more common, and the costs to store data are rapidly decreasing. Combined, this means everyone has cheaper and easier access to huge data storage locations.
Let’s go back to the document Carol wrote. Does anyone know whether she included sensitive information in that file? Did it contain intellectual property? Personally identifiable information or health information? A coworker might be able to guess by the file name, but the point is you never want to have to guess — and you certainly don’t want highly sensitive information breached.
Many CISOs will tell you one of their biggest data concerns is how little they understand their full data footprint — what data they have, where it is, and who has access to it.
Asset or Liability: Your Choice
A recent Forrester report, Know Your Data to Create Actionable Policy, noted, “Data is a valuable asset that morphs into a liability when improperly handled.” The analyst firm went on to recommend using tools to help discover data so it can be properly identified and classified, saying that applying identity and tagging data packets with identity attributes allows users “to determine the business criticality of any piece of data and thereby protect it more effectively, data creators can use classification tools to tag data” appropriately.
When looking for a data classification solution, consider your organization’s requirements for:
- Discovering and identifying large volumes of data stored on premises or in the cloud, including network file shares, SharePoint, Dropbox, Box, and OneDrive Enterprise.
- Running scheduled scans that will automatically classify files based on several factors, including the file properties/attributes, content, and/or metadata.
- Protecting files by automatically encrypting them based on data sensitivity rules, and whether this additional layer of protection can be added based on the details of the file itself or its location.
- Collecting file information during scans, including file properties, classification (pre- and post-scan), and access controls to determine what the data is, where it is, and who has access to it.
- Analyzing results to minimize data at risk, monitoring classification activities, and optimizing data identification policies and data storage solutions.
- Identifying and isolating files stored inappropriately, flagging files for follow-up or taking action based on results of the scan. This may include updating security policies or re-educating your users on the treatment of sensitive data.
- Enhancing the ability of DLP, ERM, and other security solutions to apply the appropriate controls based on classification.
Discover And Classify To Protect
Solutions that enable organizations to discover, classify, protect, and confidently share information, as well as meet regulatory compliance requirements by identifying and securing unstructured data, are quickly becoming a must-have rather than a nice-to-have. Best practices suggest security measures that enhance data loss prevention by classifying and protecting sensitive information in emails, documents, and other file types — on the desktop, on mobile devices, and in the cloud. Use industry best practices to ensure that your data is protected by a robust data classification strategy.
Scott Masson brings over 16 years of professional experience in enterprise software to TITUS. Previously, Scott was the Business Unit Executive for the Cognos Business Intelligence product management team at IBM Corporation. He also worked for Environmental Systems Research Institute (ESRI), where he led their product management efforts to integrate GIS technologies into enterprise BI systems.