Data Loss Prevention, Data Classification and Persistent Data-Centric Security

Data Loss Prevention, Classification and Persistent Data SecurityTechnology advancements and rapid digitization of corporate information has made it easier for modern companies to conduct everyday business transactions. Today, business data is easier to access and share, giving companies the opportunity to reach more customers and conduct business quicker. At the same time, the unprecedented volumes of data created, accessed, shared, stored and the variety of sources is forcing companies to re-evaluate their cyber-security approach.  The collaborative nature of how business is done has extended the corporate perimeter. As a result, companies are seeing an ever increasing need for higher visibility into data, how their users access and use it and the secure it using encryption.

Users at a typical company today have 10 times the applications they had 10 years ago and they use multiple devices to create and use data and documents.  Data is proliferating – users are localizing data that is kept in company repositories, copies of data is everywhere, users are converting files to other formats, sharing them via file shares and virtual printers, copying them to portable devices, and emailing them.

Many companies that have turned to Data Loss Prevention (DLP) and encryption technologies in recent years have come quickly to the realization that some things are missing once the implementations and deployments of these technologies are completed. They realize that the DLP solution is missing the mark. They realize they don’t have a handle on where their “unstructured” data is, and worst yet if this data contains sensitive information. They realize they need to understand their data, who creates it, who uses it, its correct format, who the owner of it is and who its steward is. They realize that sensitive data must be protected end-to-end through its entire life-cycle, not just at rest, and in motion but in use to ensure there are no security gaps.

Data classification is a technology many are turning to in hopes of optimizing their DLP investments. This is a very effective complementary technology if it is deployed correctly. However, it quickly becomes a real challenge when too many classifications are put in place. Furthermore, as users are given the ability to make a determination as to what classification to apply, the door is opened to the good old “user mistakes”. It is a wiser approach to have the data classification defined at the “administrator” level rather than getting into a mess by giving users this type of control.

Another technology that is popular these days is software that crawls around to help companies get insight on where their unstructured sensitive data is. When asked, most companies say they know where their sensitive data is, but lately this has been changing and many companies are admitting that unstructured data and copy data are a big security problem. The effort for sensitive data discovery goes hand in hand with most data projects in most companies that are realigning their security posture.

Lastly, most companies implementing data classification will have limited deployments and tangible benefits without bringing into the picture persistent data-centric security as well. Persistent data-centric security brings security to the data itself at creation time rather than the security of networks, servers, devices, or applications. With this type of a security approach, access policy for authorized users travels with the data itself regardless of where the data is and what network or device it is on.

With implementing technologies for data discovery, data classification and persistent security, companies are empowered to better protect their data without  costly and painful headaches.

Leave a Reply

Your email address will not be published. Required fields are marked *