As the world becomes increasingly digitized, enterprises need to act quickly and strategically or risk being left behind. However, knowing the need and acting on it are not the same thing.A recent report, ‘Are Businesses Really Digitally Transforming or Living in Digital Denial?’ found that 33 percent of surveyed companies were developing plans for digital transformation but didn’t plan to execute those plans in the next 12 months.
“A culture of security is not an end in itself but a pathway to achieve and maintain other objectives, such as proper use of information”
However, 55 percent of enterprises understand they have a year or less to make digital inroads before suffering financially and competitively. During this transformation, enterprises need to ensure that they maintain their brand reputation and customer trust. A key strategy is to create a culture of security that supports the new way of sharing. A culture of security is not an end in itself but a pathway to achieve and maintain other objectives, such as proper use of information.
Data Takes Center Stage
Today, every business is a digital business. That makes data any business’s lifeblood,
and those who own and manage their data well will win. For example, organizations are leveraging the power of Big Data analysis to make their internal data work for them, leading to insights that create cost savings, efficiencies, new products and improved customer experiences. These insights create the differentiation that leads to greater market share and increased revenue.
However, the time to determine a sound data strategy is now. By the year 2020, about 1.7 megabytes of new information will be created every second for every human being on the planet. Organizations need to determine how they will handle all this data, which will be managed, stored and shared across platforms and around the globe.
The data-driven world is also a mobile world in which distributed teams need tools to share and collaborate. Employees now use Dropbox, Slack and similar applications to share information–and sometimes, that information is sensitive in nature. With more people accessing and storing files in a multitude of network and cloud repositories, an organization’s sensitive data could be anywhere. Collaboration among employees, partners and customers is key, but there must be a balance between information sharing and information protection.
The Danger Within
The September 2016 Netskope Cloud Report found that enterprises, on average, have 977 cloud apps in use. This creates a huge threat landscape; 43.7 percent of malware found in enterprises cloud apps has delivered ransomware, and 55.9 percent of malware-infected files found in cloud apps are shared publicly. As the digital universe expands, so do its attack vectors.
Threats from the hacking of IoT devices and cloud apps continue to evolve, and malicious insiders certainly add to the security burden, but a much more typical threat source is unintentional human error caused by uninformed employees. They pose a particular danger because they have legitimate access. This leads to common data breach accidents such as including sensitive data in an email or attachment, accessing data from unsecure public sources or inappropriate sharing of information to personal email and devices.
How Digitally Aware Are Your Users?
The reason that insider threats are so dangerous is that standard security systems aren’t set up to prevent accidental disclosure by careless or uneducated users with legitimate access. Instead, this is a job for data classification. This strategy helps companies balance the need to share information to achieve their objectives with the need to protect information that is sensitive or critical to their organization. Data classification enables organizations to classify, protect and confidently share information and meet regulatory compliance requirements by identifying and securing unstructured data.
In this way, it creates “digital awareness” to users about the data they are handling. Classification adds “metadata” to each file–the details about the data itself, such as author, creation date, or the classification (top secret, etc.). Any time someone classifies an email, a document or a file, persistent metadata identifying the data’s value is embedded within the file. So, no matter where the information is saved, sent or shared, the value of the data is identified and preserved.
A classification tool consistently reminds users of data security policies each time they save a document or send an email, and therein lies its genius. By requiring users to identify the sensitivity of the information, data security remains constantly top of mind. Asking employees to classify each file helps to improve the source of the problem: users who lack awareness of the proper security procedures.
Users are now required to classify information, but there’s more. It is possible for a classification tool to monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.
That is a key point, as one of the most common forms of data breach is a version of “friendly fire”: including sensitive data in an email. By checking the selected classification against the email content and attachments, classification tools can immediately identify possible breaches before the email ever leaves the user’s control. This gives organizations the best of both worlds: user-driven as well as automated classification.
Transformation by Classification
More and more organizations are making data classification a priority as they transform their security culture and set the foundation for their information protection program and strategic digital transformation. Their objective is to cultivate a culture of information management, which makes users respectful and aware of the sensitivity of information.
In an increasingly digitized environment, data security must be top of mind at all times and in all situations–whether the data is coming in or going out, whether from unknown parties or trusted employees. When users play an active role in the classification of data, a culture of security will be established. Tools to help automate the process of data safety will help users consistently apply corporate security policies, helping to stop data loss and increase compliance.