It is possible to transition to a data security culture, but it will only take place when all employees are continually engaging in corporate security processes. Once users are on board in principle, it is important to follow up with tools that are easy to use and provide immediate feedback with corrective suggestions when there is a violation.
Why Classification Makes Sense
The reason that classification is foundational to data security and the corresponding culture shift is that it allows users to identify data, adding structure to the increasing volumes of unstructured information. When data is classified, organizations can raise security awareness, prevent data loss and comply with records management regulations.
The secret sauce that sets classification apart and makes it so effective is that it adds metadata to the file. Metadata is information about the data itself, such as author, creation date, or the classification. When a user classifies an email, document or file, persistent metadata identifying the data's value is embedded within the file. In this way, the value of the data is preserved no matter where the information is saved, sent or shared. Employees now have to actively notice how valuable the data they are interacting with is.
As classifications are applied, they can also be added to the data as visual markings. When the classification is visible in the headers and footers of an email or document, consumers of the information cannot deny their awareness of the data's value-even when printed-and their responsibility to protect it.
When metadata is embedded within a file, it can be used by data loss prevention (DLP) systems, gateways and other perimeter security systems to enforce safe distribution and sharing. For example, a DLP system may be configured with a policy that restricts documents classified as "secret" from being transferred to a portable storage device. Similarly, policies that stipulate the necessity to encrypt the most sensitive data can easily be enforced.
Maintaining compliance with the protection and retention of company records is another benefit of classification. By providing structure to otherwise unstructured information, classification empowers organizations to control the distribution of their confidential information in accordance with various industry regulations. Regulated records may also need to be retrieved quickly for auditing or legal discovery purposes.
Increasing Security, Reducing Risk
Data security has become a clear imperative for organizations today. Classification of data has multiple benefits, employee awareness being a primary one. As they handle data throughout each day, workers adopt a security focus that may have been previously lacking. Such active daily participation fosters a data security culture - a powerful tool in the fight to protect digital assets.
Sign up for CIO Asia eNewsletters.