Don’t Complicate Data Discovery and Classification

Ron Arden Data breach, Data security, Privacy

Classify sensitive data as confidential and encrypt itData discovery and classification is an important first step to protect your confidential data and comply with privacy regulations.  You need to identify the location of your data and its value to your organization before determining how to protect it.  Done right, this leads to a data-centric security and compliance program that is critical to your corporate brand and competitive advantage.

Unfortunately many discovery and classification projects stall or fail because solutions try to address all data needs, not just security and privacy.  Organizations get caught up in the process and lose focus of the goal, which is to protect and control sensitive information.

There are different approaches to data discovery and classification.  Content-centric approaches, like DLP, use predetermined workflow rules to control data usage.  They try to classify data using complex rules and then control its movement.  You may have 20 rules that try to determine if a file you are emailing contains sensitive data and another 20 to make sure you don’t copy that file to a USB drive or a cloud location.

Context-centric approaches apply rule-based analytics to assess user behavior to minimize the risk of insider threats.  This might look at who creates a document, where they move it and when was it was last accessed.

These rule-based approaches attempt to model everything data and users can and cannot do.  They require extensive data classification and rely on maintaining a very complex set of rules.  They gather a lot of data about your data so they can attempt to determine all possible outcomes.

These approaches complicate data discovery and classification and make it difficult to protect and control sensitive data, which is your ultimate goal.

A better approach is to classify sensitive data as confidential and immediately encrypt it.  This protects the data, controls user access and tracks the file wherever it travels.  Rather than relying on complex classification processes to control what users can or cannot do, this approach optimizes classification and streamlines a path to protect and control your most sensitive data.  You also don’t have to worry about location anymore, since the file is always encrypted and access controlled.

The goal of discovery and classification is to understand your data and protect it.  Streamline that process by encrypting sensitive data and controlling its access, rather than wasting time developing and maintaining complex rules that focus on all the things users can and cannot do with it.