Why are Top Businesses Turning to Data Classification?
As the leading, independent advisers and experts in data security HANDD have been way ahead of the curve when it comes to data classification. We have more than 500 customers in 25 countries and a 10 year history of successfully delivering data classification projects to an estimated 300,000 end users globally. Having satisfied more than 45% of the FTSE 100, we are unrivalled when it comes to understanding why top businesses are turning to data classification to re-energise their security strategy.
Here are 3 key reasons why top organisations are looking to implement a data classification solution today.
1. Compliance
No matter what vertical or location your organisation operates in it is more than likely you will have a number of governing bodies, internal audits or mandates with which you must comply. The dark shadow of the EU General Data Protection Regulation is looming and suddenly what seemed like a few years away is now just next May! For a number of reasons organisations are rightfully concerned. Just the mere threat of the potential fines and sanctions that are being mentioned in the new regulation has given organisations of all sizes the wake up call they needed.
Now is the time to start thinking about getting your house in order and what easier way than to order and prioritise your data based upon its sensitivity. What is of most value to your organisation? The lunch menu? Your finance records? Or your customer’s personal information? By placing a “metadata tag” onto a piece of data you can easily identify your most sensitive assets, ensure it is protected appropriately and reduce the risk of falling foul of most compliance mandates.
2. Enhance Existing Technologies
Labelling data enables your organisation to improve the performance and get a greater ROI on expensive security technologies already in place.
For example most organisations will have some kind of encryption technology (required for EU GDPR compliance) for protecting information in motion or at rest. By adding metadata tags to sensitive content you no longer need to worry about wasting time protecting the lunch menu and can more easily encrypt only the assets that are of most value.
Organisations regularly use Data Governance and Forensics solutions to clean up their legacy data, reducing their overall storage costs and putting large data sets in order. By utilising a data classification solution in such a project you can enhance the results by bulk classifying sensitive assets in tandem as they are discovered and ensure they too are protected and kept only as long as is absolutely necessary (think EU GDPR).
Data Loss Prevention (DLP) tools can also be enhanced by making it easier to intercept information being uploaded into the cloud or sent via email. Anyone who works with DLP knows that creating rules can be cumbersome, system overheads are increased and it can also create false positives. By just adding a “confidential” label into the metadata, DLP knows immediately that this information should NOT leave the organisation and will block it without the need to scan the entire content.
Once you identify data and the storage locations you can now extend your security policy into Identity Access Management (IAM) solutions to ensure only those users who should have access to it are allowed and those who shouldn’t are denied.
Furthermore with solutions such as User Entity & Behaviour Analytics (UEBA) we can now start to understand the way in which users and machines are interacting with the most sensitive content and alert when potential threats occur in real time. This provides your business with more intelligent, monitoring and alerting capabilities.
These are just a few examples of how integrating data classification into your environment can enhance your overall security strategy and how HANDD experts have helped organisations maximise the ROI from their security budget. My colleagues and I have worked on many projects providing consultancy services on integrating data classification and advice on the benefits of doing so.
3. End User Awareness
Key to implementing a successful security strategy is empowering the most powerful tool in any organisation’s security armour, the people. Putting visual labels such as headers and footers onto a document or email can raise end user awareness and help them become more security focused.
Since the beginning of time labels & signs have been used to enforce people to err on the side of caution “Don’t Open this Tomb, Scorpions Inside”, “Watch Out for the Rolling Boulder”, “Sliding Walls Can Crush You”. OK, I made these ones up but my point is that these signs would make you think and change your normal behaviour. Much the same way in which visual labels and watermarks applied to data can be used to alert the user to behave in a certain way with sensitive information. Users will naturally be more cautious and security aware when handling content marked as for example “internal only”.
A large portion of all data leaks are accidental and could have been avoided if only a data classification solution had been in place to raise user awareness or stop sensitive content from being stored on inappropriate devices (e.g. USB) and uploaded to uncontrolled third party web portals (e.g. Dropbox, Box etc).
By adding visual labels end users are also naturally more responsible and aware when handling physical copies of data that have been printed out.
Data Classification can be automated or driven by the end user. Either way, most importantly the classification software sits on the end users desktop ensuring that they are at the heart of your security strategy.
HANDD have an unrivalled experience in working with all of the major vendors of data classification solutions and have deployed classification to more than 300,000 end points globally in the last 24 months. I myself have been involved in the majority of those projects and have seen and learnt new things on each occasion. New concerns raised, new issues, new processes and pitfalls.
As independent advisers to 8 of the 10 largest banks in the world HANDD can help your organisation to find the right data classification solution to meet your requirements. More organisations are relying on HANDD to provide the required expertise in project delivery of this kind.
My colleagues and I would be more than happy to discuss your organisation’s security requirements with you.