Data Classification is a Business Imperative. TITUS White Paper


Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written consent of TITUS.

Copyright 2014 TITUS. All rights reserved. TITUS is a registered trademark of TITUS Inc. All other product and company names are trademarks or registered trademarks of their respective owners. TITUS may have patent applications, trademarks, copyrights or other intellectual property rights covering subject matter in this document.

At TITUS we work to help businesses better manage and secure valuable corporate information. Our solutions enable enterprises, military and government organizations to classify, protect and confidently share their information. The foundation of the TITUS platform is information classification, user awareness, and policies to protect email and documents. For further information, contact us at +1 (613) 820-5111 or email us at info@titus.com.

www.titus.com

1.0 Data Security

The responsibility of securing organizational data needs to be in the hands of anyone who creates it, and not lie solely with the IT department. Unsecured data leaves organizations open to lost intellectual property, significant fines, loss of investor trust, loss of clients, and lawsuits. With the proliferation of data sharing applications, mobile devices and remote access, the task of securing data has become too great a responsibility for the IT department to manage effectively on its own.

While technology has the potential to help enforce data security policies, without a pervasive culture of data security users fail to use the technology properly. Studies continue to show that employees frequently violate information security protocols, whether because of a lack of training or the complexity of the security tools. Worse, many employees use methods to circumvent security technologies they feel hinder efficient workflow. This combination of data sharing technologies, poor training, and indifference to security policy converts the people inside your organization, those that should be the most trustworthy, into one of the biggest data breach risks.

"Data discovery and classification are two essential, yet often overlooked, initiatives that lay the foundation for protecting data."
Heidi Shey & John Kindervag, Forrester Research Inc., Strategy Deep Dive: Define Your Data. April 2013

To secure data, senior executives must set the foundation for a culture of information protection, which includes executive support and involvement, user training and guidance, easy to use technology, and data classification.

Classification is foundational to securing your information as it allows users to quickly and easily indicate the value of the data to the organization. The classification is applied as visual markings (to alert end users), and persistent metadata (to inform security technology systems). The process of classifying has the added benefit of acting as a constant reminder to workers that the information they handle has value and its protection is essential. Empowered by the classification, the entire security ecosystem has the knowledge it needs to manage the information according to security policy.

2.0 The Data Security Imperative

At the heart of any organization is the data that powers it. From financial data, to employee files, to new ideas and inventions, your organization is filled with information that, if lost or stolen, could seriously impact your business. The proliferation of data sharing tools, such as email, social media, mobile device access, and cloud storage media, is making it harder for IT and data security departments to keep your sensitive information from moving outside the central network perimeter.

The reality is that the data security perimeter is forever changed as data is accessed and stored in multiple locations. In 2013, an average of 26.6% of information workers used at least three or more devices (laptops, desktops, tablets, mobile phones) for work. [i] To make managing information on these various devices easier, workers are using mobile storage media and cloud services to transport your organization's valuable information.

With workers uploading data to a wide array of unsecured data sharing solutions, the people you have working inside your organization pose one of the biggest data security threats. In fact, there is a 60% chance that your organization's data has been seriously compromised without triggering an alert to the security team. [ii] Even more troubling is the fact that the average time between a data breach and when it is discovered is over 200 days. [iii] And to add insult to injury, 69% of all breaches are discovered by others outside of your organization, such as your partners and customers. [iv] It is time to face the fact that your data is slipping through your perimeter like sand through a clenched fist.

"Inadvertent misuse of data from insiders tops the list of breach causes in 2013, responsible for 36% of breaches seen in Forrester's data."
Heidi Shey, Forrester Research Inc., Understand the State of Data Security and Privacy: 2013 to 2014. October 2013.

It is important to note that the insider threat is not just a malicious user or disgruntled employee, but could also be trustworthy employees who are just trying to work more efficiently. When workers are unfamiliar with correct policy procedures and there are no systems in place to train, inform, and remind them, they engage in risky information handling. Insider breaches, therefore, are not just a technological issue, but a human and cultural problem. You can install technologies to prevent uploading data to a cloud service, but if your users don't understand the value of the data they are using, they are likely to see the technology as an impediment to their workflow and actively seek methods to circumvent security.

From a data protection strategy point of view, the trend to keep all data forever is also having a negative impact on data security. As storage costs dropped, the attention previously shown towards deleting old or unnecessary data has faded. However, unstructured data now makes up 80% of non-tangible assets and data growth is exploding. IT security teams are now tasked with protecting everything forever, but there is simply too much to protect effectively, especially when some of it is not worth protecting at all.

3.0 The Security Culture Imperative

As organizations struggle to meet the challenge of data security, success will only be achieved through strong leadership. Without executive guidance, security is relegated to IT departments that are already struggling for proper data security funding. IT and data security teams do not have the means to singlehandedly foster the culture of security that is necessary to prevent unnecessary insider data risks.

In contrast, when senior executive sponsorship is communicated directly to the employees it is less likely that the employees will find excuses to resist the change. A corporate initiative with executive sponsorship has a momentum that can compel workers who might otherwise resist a project sponsored only by their team or department leader.

Given the importance data security plays in the health of an organization, it should be considered as a crucial part of business best practices. Just as there are unique best practices in sales, accounting, and human resources, everyone should consider data security as a general best practice for overall success. The most successful companies will be those that place a high value on protecting their intellectual property, customer information and other sensitive data.

Shifting to a culture of data security will only take place when all employees are continually engaging in corporate security processes. Workers need to be engaged in the security discussion in order for them to be invested in the solution. When the CEO communicates to her employees the importance of security for their job as well as for the organization, employees are much more apt to comply. Once the users are on side in principle, it is important to follow up with tools that are easy to use and provide immediate feedback with corrective suggestions when there is a violation.

4.0 The Classification Imperative

Classification is the indispensable foundation to data security as it allows users to identify data, adding structure to the increasing volumes of unstructured information. Classifying data provides it with a voice, announcing to both users and security systems the information's value and how it should be handled. When data is classified, organizations can raise security awareness, prevent data loss, and comply with records management regulations.

Classification is effective because it adds metadata to the file. Metadata is information about the data itself, such as author, creation date, or the classification. When a user classifies an email, a document, or a file, persistent metadata identifying the data's value is embedded within the file. By embedding classification metadata, the value of the data is preserved no matter where the information is saved, sent, or shared.

"Data classification technologies that involve the user rather than short-circuit the user are more likely not only to reinforce policies, but also to create a sustainable corporate culture regarding data protection over time."
Derek E. Brink, Aberdeen Group, Three Steps to Successful Data Classification. February 2013.

From a worker's perspective, classification forces attention toward the value of the data being used, making employees more aware of the information's sensitivity and how it should be handled. As classifications are applied, they can also be added to the data as protective visual markings. When the classification is visible in the headers and footers of an email or document, consumers of the information cannot deny their awareness of the data's value (even when printed) and their responsibility to protect it.

As information is shared, the classification metadata embedded within the file can be used by data loss prevention (DLP) systems, gateways, and other perimeter security systems to enforce safe distribution and sharing. For example, a DLP system may be configured with a policy that restricts documents classified as secret from being transferred via USB to a portable storage device. Similarly, policies which stipulate the necessity to encrypt the most sensitive data can easily be enforced. As workers classify, rights management tools can be invoked based on the classification, applying encryption to outgoing emails or to documents being stored into repositories like SharePoint.

Figure 1 - Classified email showing protective visual markings in the header and footer of the email body.

Classification can also aid where compliance legislation regulates the protection and retention of company records. By providing structure to otherwise unstructured information, classification empowers organizations to control the distribution of their confidential information in accordance with mandated regulations, such as ITAR, HIPAA, PIPEDA, UK Data Protection Act, SOX, Red Flag Rule, ISO 27001 and many others.

As important documents, regulated records may also need to be retrieved quickly for auditing or legal discovery purposes. Classifications can be configured to include additional information indicating into which department and records management category the data belongs. This extra information not only enhances retrieval but can also be matched to retention policies governing how long to keep the data and when it can be safely destroyed.

When classification becomes a part of everyday workflow, security awareness and risk mitigating behavior takes root within the corporate culture. As employees classify, they are reminded to handle data securely. And when data is classified, it contains metadata values the entire security ecosystem can leverage to enforce appropriate information governance and prevent data breaches.

Figure 2 - Document showing protective visual markings in the header and watermark.
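The mechanism this section describes, shown as an added example that is not taken from the TITUS paper or product: a label embedded as a custom property in an Office Open XML package is read back and mapped to a DLP action for the outbound channel. The property name `Classification`, the labels, the channel names and the policy table are assumptions for illustration, and the sample file is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard OOXML namespaces used by docProps/custom.xml.
CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
VT = "{http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes}"

# Hypothetical policy: (label, channel) -> action. Labels and channels are
# assumptions for this example, not a vendor schema.
POLICY = {
    ("secret", "usb"): "block",
    ("secret", "email"): "encrypt",
    ("confidential", "usb"): "encrypt",
    ("confidential", "email"): "encrypt",
    ("public", "usb"): "allow",
    ("public", "email"): "allow",
}


def make_sample_docx(label=None):
    """Build a constructed, minimal OOXML package; label=None omits the property."""
    prop = ""
    if label is not None:
        prop = ('<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
                f'name="Classification"><vt:lpwstr>{label}</vt:lpwstr></property>')
    xml = ('<?xml version="1.0" encoding="UTF-8"?>'
           f'<Properties xmlns="{CP[1:-1]}" xmlns:vt="{VT[1:-1]}">{prop}</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", xml)
    return buf.getvalue()


def read_classification(package_bytes):
    """Return the lower-cased Classification property, or None if absent or unreadable."""
    # For files from untrusted sources, a hardened parser such as defusedxml
    # is the safer choice; the standard library is used here to stay self-contained.
    try:
        with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
            root = ET.fromstring(z.read("docProps/custom.xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return None
    for prop in root.iter(CP + "property"):
        if prop.get("name") == "Classification":
            value = (prop.findtext(VT + "lpwstr") or "").strip()
            return value.lower() or None
    return None


def dlp_decision(package_bytes, channel):
    """Map the embedded label and the outbound channel to an action."""
    label = read_classification(package_bytes)
    if label is None:
        # No usable label: hold the transfer and ask the user to classify,
        # instead of letting unlabeled data leave silently.
        return "prompt_to_classify"
    # Unknown label/channel combinations fail closed.
    return POLICY.get((label, channel), "block")
```

Because the decision depends only on metadata inside the file, the same label drives the same action wherever the file is copied, which is the persistence property the section relies on.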

5.0 The TITUS Advantage

As the leading provider of user-based email and document classification solutions, TITUS offers a complete classification management solution for both private and public organizations. TITUS products include:

- Message Classification for the classification of email in Microsoft Outlook, Outlook Web App, Lotus Notes, and mobile devices.
- Classification for Microsoft Office for the classification of Microsoft Word, PowerPoint, and Excel documents.
- Classification for Desktop for the classification of any file type in Windows Explorer, including Adobe PDF, multimedia files, and CAD documents.
- Classification and metadata security solutions for Microsoft SharePoint.

TITUS solutions are trusted by over 2 million users within more than 600 organizations in 60 countries around the world. Our customers include: Dell, Nokia, Dow Corning, Pratt and Whitney, United States Air Force, NATO, Canadian Department of National Defence, Australian Department of Defence, and the U.S. Department of Veterans Affairs.

To learn how TITUS can help your organization implement its classification policy, please visit: www.titus.com.

End Notes

[i] Understand the State of Data Security and Privacy: 2013 to 2014. Forrester Research, October 2013. PDF.
[ii] Maximizing the Business Value of Information: New Principles for Using and Securing Information. The Corporate Executive Board Company, 2013. PDF.
[iii] 2013 Global Security Report. Trustwave, 2013. PDF.
[iv] Verizon 2013 Data Breach Investigations Report. Verizon, 2013. PDF.