Data Classification
Your data security is full of holes. It's true of nearly everyone we see. And if your main strategy is to just rely on DLP, you have maybe 10% of the solution.
You need more.
In order to protect your data, you first need to know what you have. You need a reliable means of discovery. That means looking beyond easy-to-find stuff like credit card and social security numbers—being able to identify company secrets, employee information and other private data you can’t easily search for. Get started with Data Discovery.
But you have to do better than that with future data. You need an answer for Data Classification—and I mean classifying each file as it is created—automatically assigning a level of secrecy based on the context surrounding it the data: who created it, what partners or customers are involved, etc. It’s the only way to know everything you need to know to keep your data protected going forward. A good first move is a Data Classification Assessment.
For a quick overview of Data Classification, watch the breakdown video.Okay, say you’ve created a file, classified it and saved it. Who has access to it? Beyond that, do you know who has accessed it, who has edited it, who has downloaded it? You can’t just know who should and shouldn’t have access, you need a way to monitor and track the entire life of a data file within your network. This begins with Access Management and covers Governance as well.
You also need share documents outside your network. If you do this by password protecting them or counting on recipients to delete or keep secrets, you should be worried. Very worried. Whoever has a password has access—access you can’t track. And passwords can be shared with anyone; even posted on the internet.
Even after you've classified and encrypted everything upon creation, you need to be able to restrict access outside your network to whomever you chose (or enforce read-only access), you can keep your data safe no matter where it goes. You can even time-bomb the file so there is only a short window of access.
And it should go without saying that this will all fall apart without a solid identity strategy to support it. Without control over who is in your network, data will undoubtedly get away from you. So don't let Identity be the problem.
As always, feel free to reach out if you would like to know more.
Adam