Learn the 5 steps to effective data protection
Every day the companies creates more and more data. Unfortunately, valuable information on your servers and repositories are not protected and recoverable, solely due to system’s inability to find it. Control over unstructured data, provided by data classification, can simply help to recover data. Did you know that by involving users in the classification process, you impact their view on working with data, and improve their understanding of security principles and value for the organization?
The following text will guide your through deployment of data classifier. We will explain the details of how data classification can improve early-deployed tools such as DLP system, data deployment tools, data management tools, and more.
Step 1: Identify the types of data that matter most to your business
Using data classification as part of your corporate asset hedging strategy is sometimes referred to as “locking the crown jewels”. However, data security does not start or stop with the controlling access to information.
Security policy should also not be limited to protecting only the most valuable data.
Even less critical information can harm your business if lost or disclosed at the wrong time or to the wrong person.
Firstly, you need to build a solid foundation of knowledge around your data. It will help you understand exactly what you have and what are the potential security risks connected to it.
This process begins by identifying the data types that matter most to your business, so you can pinpoint where to focus your protection and control.
Your most valuable and confidential data may include:
- Data resources, for example information stored in CRM or a database.
- Business critical documents including project plans and commercial agreements.
- Documents and information required to comply with legal regulations.
Step 2: Discover before you start protecting
By classifying data according to its value or sensitivity, organizations can reduce the risk of a security breach by ensuring that appropriate safeguards are implemented and consistently enforced.
Now that you’ve identified your most valuable data that needs protection, it is time to do the discovery exercise to find out exactly what information you have, where it is, and who can access it.
It is unknown data that puts you at risk. Even the best-thought-out security policy is ineffective if you are not sure what information you are storing. Therefore what level of control you need to assign to it.
Data management, compliance with regulations such as GDPR and EU ITAR and, equally importantly, demonstration of said compliance are impossible if you do not know where the key documents are and who has access to them.
Discovery will give you an insight into the types of data in your organization and how they are shared and used. This allows you to build a protection strategy around the types of data you have. It also gives you the opportunity to reduce storage costs by getting rid of redundant data.
According to a report by Vertitas Databerg, medium-sized organizations spend 435,000 pounds per year for storing and managing obsolete data.
Discovery also facilitates the use of data as a resource, enabling you to obtain information that will underpin your strategy and improve operations.
Nobody says it’s easy. In addition to structured data stored in local databases, companies usually have huge amounts of unstructured data such as email, PowerPoint, Excel, and PDF documents.
Information is also stored and shared across an increasing number of systems, devices and platforms, including cloud-based collaboration tools such as Microsoft SharePoint, file sharing sites such as Dropbox and OneDrive, and shadow IT.
Data discovery tools provide an efficient way to find resources, that can then be classified. They examine file repositories and databases by scanning for specific types of information, keywords, criteria, and classification metadata. This allows you to see what your data is, its location and who has access to it.
According to Forrester, 44% of technology decision makers in North America and Europe use data discovery tools.
After defining data in the company, you will be able to control valuable and confidential information and make informed decisions about how to handle it and who has access to it. You will then be ready to classify them according to importance or sensitivity – to provide an adequate level of defense.
You need to determine:
- What type of data do you have and collect
- What data are you creating
- Where the data is located
- Why do you have them
- How sensitive they are
- Who accesses them, uses them and shares them
Step 3: Classify your data
The corporate security policies that govern how valuable information should be handled will be ineffective unless they are consistently and thoroughly enforced.
Organizations often have a written policy that is available on the company’s intranet and communicated to new employees. In practice, however, employees are rarely sure how to apply it to their daily activities.
Security policy needs to be understandable – and the best way to do this is to classify your data.
It is the first of two stages that include active data protection, the second is the implementation of technological solutions that will secure it at further stages.
The classification makes these solutions more effective.
A data classification is a categorization of data according to its sensitivity level or value by using labels. They are included as visual markers and also embedded in the file’s metadata. When classification is used in conjunction with security solutions, metadata ensures that access to data or their use is possible only in accordance with the rules corresponding to their label.
It is possible to completely automate this process, but our clients get the best results by combining the analyst’s work with the use of software toolkits to support a successful implementation. This is known as user-based data classification.
With this approach, it is your responsibility to decide which tag is appropriate and assign it when creating, editing, sending, or saving.
The user’s insight into the context around the data leads to more precise classification decisions than a computer could ever make.
Define a classification policy
First, make it clear who should have access to each type of data.
The work done in steps 1 and 2 will prepare the file for categorization.
Then decide how many categories you will have. Aim for three or four, the fewer options, the easier it is for users. Labels pointing to confidential, only internal, and public are a good start.
Perhaps the fourth category relates to information subject to regulatory controls such as the EU GDPR, controlled by ITAR or restricted by HIPAA / HITECH.
Select a classification tool
The right technology will help users to apply the classification scheme consistently and also extend it with important metadata. The most effective tools make grading a seamless part of business. It is the integration of the labeling process with standard applications that are already used by employees. Providing broad support for operating systems and application types is critical to securing this investment.
Start by classifying your “active” data such as: emails, files and documents that are currently being created and maintained.
If you’ve followed steps 1 and 2, you’ll know exactly what’s and where’s at.
By doing this, you ensure that all your most valuable data will be safe from that point forward. Once this is established, decide how to mark up existing and legacy data that is still stored in your organization. This process usually works well in conjunction with an agent or discovery tool. Now that you’ve tagged your data, it’s time to pay attention to enterprise security solutions and information management technologies that will keep it safe for the remainder of the journey.
Step 4: protect your data
Data, which is classified according to its sensitivity, is wrapped in a layer of protection.
The next task (after identifying, discovering, and classifying the data) is to put in place higher-level controls in the form of security and information management solutions to keep it secure when it is shared or used later.
By classifying your data, you’ll already add a “magic ingredient” that makes these solutions more effective: the metadata found in the properties of each document, message, or file).
Embedding a label as metadata supports the enforcement of data security policy by directing the actions of downstream solutions – triggering automatic rules corresponding to the given label.
This means that technology makes more accurate “decisions”, reducing the number of false positives and minimizing the risk of data exposure.
Solutions that become more effective when combined with data classification
Data Loss Prevention (DLP)
They protect your business from deliberate and accidental loss of data, such as preventing employees from uploading a file marked “Confidential” to Dropbox or preventing a file containing credit card numbers from being sent “externally.”
They will automatically encrypt any file marked as “Confidential”.
They will enable employees to quickly locate information and immediately understand how it can be used.
Security Incident And Event Monitoring (SIEM)
They detect potentially risky user behavior before a breach occurs, such as signaling if someone is copying confidential documents onto a storage device.
Search And Retrieval Tools
They will help you find data quickly in the event of an audit, find the documents you need to prove compliance with industry standards or to fulfill information requests from regulatory authorities.
Access Control Tools
They use classification labels to decide who can access the file in the shared area.
Data Governance Tools
The label enables them to control who gains access to confidential information and who breaches the rules, maintaining a detailed audit trail of any risky activities.
When you highlight what is valuable, you can see more clearly what is not important or needed.
The effect of integrating data classification with other technologies and security toolkits is to add layers of security around your most valuable and other sensitive data – strengthening boundaries and creating an “inner sanctuary”.
But data protection doesn’t stop there. As with walls, you have to constantly check and maintain them to keep them intact.
Step 5: Measure and Optimize
If you have followed the first four steps (identify, discover, classify and secure), you will successfully secure your organization’s valuable and confidential information by using data classification and additional tools to enforce your security policy.
However, this is not yet “job done”. The applicable regulations, threats (external and internal), and the business itself will constantly change, and demands from regulators and management for better governance will increase. Continuous measurement of the effectiveness of the security policy is the only way to check whether the implemented controls are adequate.
Monitoring and reporting tools track how data is obtained, used and classified, and provide business insight behind it – with structured audit data and analysis.
This increases the chances of a breach being detected quickly, helping the company meet the notification deadlines required by regulators and also minimize the damage. In the event of a breach, detailed audit information will allow you to demonstrate that appropriate steps have been taken to protect your data.
More importantly, real-time monitoring of how people use the classification tools will identify any behavior that deviates from “normal activity” and keep data safe from breach.
This may include reporting a user who repeatedly incorrectly marks documents and therefore may be an insider threat. A clear business audit trail also allows you to measure compliance in terms of aligning with governmental and industry regulators, many of which have strict auditing and reporting requirements.
Continuous monitoring creates an organization-wide picture of security policy effectiveness – a picture that can be shared with management along with an understanding of how to improve it.
Using a reporting tool in conjunction with a security incident and event monitoring (SIEM) solution and toolkit for behavioral analysis is the “gold standard” in situational awareness.
The combined data allows forensic analysis of the entity’s behavior to determine causes, and to highlight patterns and trends in behavior. For example, if a large number of people regularly under-categorize documents, this may indicate weakness in the policy or simply show that it is not properly understood.
This insight will enable you to make informed decisions about how to solve the problem: by tightening the security policy, ensuring further training or conducting disciplinary procedures.
Integrating monitoring and reporting functions into your data security strategy is the only way your organization can take full advantage of the value of its data classification and other security solutions. Measuring effectiveness will provide the information needed to evolve your strategy in line with the threat landscape and business change.
It will also provide the information you need to demonstrate value – proving that the solutions you purchase deliver the expected benefits and return on investment. This assurance will convey the value of security to the organization and ensure the future investment that will protect the most valuable data in your company.
Source: Channel Partners. Buy Data Classification & Secure Messaging Tools