The lifecycle of a simple document is radically different today than it was for most of human history. From clay tablets and papyrus scrolls, we moved on to handwritten paper documents.
Then came the breakthrough of the typewriter and the copy machine. All this time, there were few copies of any one document; they were all hard copies, and were easier to keep track of and control.
Then, the exponentially greater breakthrough of the computer arrived, forever changing how we create, store, and share documents. With more people than ever accessing and storing files in a multitude of network and cloud repositories, your sensitive data could be anywhere. Collaboration among employees, partners, and customers is key, but there must be a balance between information sharing and information protection.
Guest article by Scott Masson, VP Product Management, TITUS
Today, business documents are almost exclusively created digitally. An employee creates a draft, sends it around to a few people for an initial review, and then incorporates any feedback into the next version. From there, the draft is finalized and sent to the boss for review. The completed revision is sent to its final audience via email, posted on SharePoint, or saved to a network drive (among numerous other options).
And what about the other people with whom the employee shared it? Did they download their own copies to save their changes? Did they send it to someone else within the company to get further input? Did someone save it to the cloud to read at home later? The document that started as a single file may now exist in many places. It’s obvious how quickly a data footprint expands.
One enabler of that larger footprint is the expanding number of options for data storage, with cloud storage becoming more common, and the costs to store data rapidly decreasing. Combined, this means that everyone has cheaper and easier access to huge data storage locations.
As for that employee’s new document, there are important questions that need to be asked in today’s digital world: Does anyone know whether sensitive information was included in that file? Did it contain intellectual property (IP)? Personally identifiable information (PII) or health information (PHI)?
A coworker might be able to guess by the file name, but the point is that you never want to have to guess – and you certainly don’t want highly sensitive information breached.
One of the biggest problems CISOs face is their limited understanding of their full data footprint – what data they have, where it is, and who has access to it.
Best Practices in Data Classification
A recent report by Forrester noted that “data is a valuable asset that morphs into a liability when improperly handled.”
Organizations should therefore use tools to discover data so that it can be properly identified and classified. Applying identity and tagging data packets with identity attributes allows users “to determine the business criticality of any piece of data and thereby protect it more effectively…data creators can use classification tools to tag data” appropriately.
It is clear that data classification can help organizations manage their huge volumes of data and make it more secure. When looking for a solution, consider your organization’s requirements for:
- Safeguarding files by encrypting them automatically, based on data sensitivity rules, and determining whether this additional layer of protection can be added based on the details of the file itself, or its location.
- Discovering and identifying large volumes of data stored on-premises or in the cloud, including network file shares, SharePoint, Dropbox, Box, and OneDrive Enterprise.
- Scans that can be scheduled and will automatically classify files based on several factors, including the file properties/attributes, content, and/or metadata.
- Amassing file information during scans, including file properties, classification (pre- and post-scan), and access controls to determine what the data is, where it is, and who has access to it.
- Monitoring classification activities, analyzing results to minimize data at risk, and optimizing data identification policies and data storage solutions.
- Improving the ability of DLP, ERM, and other security solutions to apply the appropriate controls based on classification.
- Identifying and isolating files stored inappropriately, flagging files for follow-up, or taking action based on results of the scan. This may include updating security policies or re-educating your users on the treatment of sensitive data.
Protect Your Digital Treasure
Communication has come a long way since Sumerian scribes pressed their styluses into wet clay. Multiple copies of documents containing even the most sensitive information are easy to generate, and businesses are hard-pressed to keep track of them all.
The stakes are high, including data breaches and compliance violations. Data classification helps organizations discover, classify, protect, and confidently share their information — and this process is becoming table stakes. Follow best practices to protect what you value – for your sake, and for the sake of your employees, customers, and partners.
Scott Masson brings over 16 years of professional experience in enterprise software to TITUS. Previously, Scott was the Business Unit Executive for the Cognos Business Intelligence product management team at IBM. He also worked for Environmental Systems Research Institute (ESRI), where he led their product management efforts to integrate GIS technologies into enterprise BI systems.