The following is a guest post from Mitch Robinson, president and chief operating officer at TITUS.
We hear the phrase "digital transformation" thrown around a lot these days, but what does it really mean? The consultants at i-Scoop define it as "the profound and accelerating transformation of business activities, processes, competencies and models to fully leverage the changes and opportunities of digital technologies and their impact across society in a strategic and prioritized way."
As enterprises set their priorities for transformation, one of them should be the protection of their brand reputation and customer trust.
A key strategy is to create a culture of security that supports the new way of sharing. A culture of security is not an end in itself but a pathway to achieve and maintain other objectives, such as proper use of information.
Data rules the world
These days, enterprises run on data; those who steward their data well will sail ahead of those who don’t. For example, organizations are leveraging the power of Big Data analysis to make their internal data work for them, leading to insights that create cost savings, efficiencies, new products and improved customer experiences. These insights create the differentiation that leads to greater market share and increased revenue.
By the year 2020, about 1.7 megabytes of new information will be created every second for every human on the planet. Organizations need to determine how they will handle all this data, which will be managed, stored and shared across platforms and around the world.
Digital sharing has become a way of life; it’s become a necessity among mobile, distributed work teams. Employees now use Dropbox, Slack and similar applications to share information — and sometimes, that information is sensitive in nature. With more people accessing and storing files in a multitude of network and cloud repositories, an organization’s sensitive data could be anywhere.
Collaboration among employees, partners and customers is key, but there must be a balance between information sharing and information protection.
Dangers abound
As more and more data flows between more locations, the threat landscape expands dramatically. Threats from the hacking of IoT devices and cloud apps continue to evolve.
The September 2016 Netskope Cloud Report found that enterprises, on average, have 977 cloud apps in use. This creates a huge threat landscape; 43.7% of malware found in enterprise cloud apps has delivered ransomware, and 55.9% of malware-infected files found in cloud apps are shared publicly.
Attacks can come from almost anywhere these days: hackers, hacktivists, digital crime syndicates and malicious insiders, to name a few. However, a much more typical threat source is unintentional human error caused by uninformed employees. They pose a particular danger because they have legitimate access. This leads to common data breach accidents such as including sensitive data in an email or attachment, accessing data from unsecured public sources or inappropriate sharing of information to personal email and devices.
Classification increases awareness
Careless or uneducated users with legitimate access are just about impossible to stop with traditional security systems. Instead, this is a job for data classification. This strategy helps companies balance the need to share information to achieve their objectives with the need to protect information that is sensitive or critical to their organization.
Data classification enables organizations to classify, protect and confidently share information and meet regulatory compliance requirements by identifying and securing unstructured data.
The primary factor in the effectiveness of classification is how it brings digital awareness to your data. Classification adds "metadata" to each file — the details about the data itself, such as author, creation date, or the classification (top secret, etc.). Any time someone classifies an email, a document or a file, persistent metadata identifying the data’s value is embedded within the file. So, no matter where the information is saved, sent or shared, the value of the data is identified and preserved.
However wonderful and well thought-out a tool or policy is, it cannot be effective if employees don’t understand or don’t comply with it. Herein lies the genius of data classification. A classification tool consistently reminds users of data security policies each time they save a document or send an email. By requiring users to identify the sensitivity of the information, data security remains constantly top of mind. Asking employees to classify each file helps to address the source of the problem: users who lack awareness of the proper security procedures.
The first line of defense is to enable users to classify the data they handle, but there is a second line as well. It is now possible for a classification tool to monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.
That’s an important function, as one of the most common forms of data breach is including sensitive data in an email. By checking the selected classification against the email content and attachments, classification tools can immediately identify possible breaches before the email ever leaves the user’s control. This gives organizations the best of both worlds: user-driven as well as automated classification.
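The pre-send check described above, sketched as an added example (not code from this post or from any vendor's product): the sender's chosen label is compared with the labels embedded in attachments and with sensitive content detected in the body and attachment text. The three-level label scheme, the two detectors and all sample data are assumptions made for illustration.

```python
import re

# Assumed label scheme, least to most sensitive (not from the article).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2}
# Assumed detectors; a real deployment would load its own policy set.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Return the kinds of sensitive data detected in one piece of text."""
    kinds = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            kinds.add("card_number")
    if SSN_RE.search(text):
        kinds.add("us_ssn")
    return kinds

def check_email(label, body, attachments):
    """Compare the sender's label with what the body and attachments require.

    attachments: list of (filename, embedded_label_or_None, extracted_text).
    Returns (ok, required_label, reasons).
    """
    required, reasons = "PUBLIC", []
    def raise_to(level, reason):
        nonlocal required
        reasons.append(reason)
        if LEVELS[level] > LEVELS[required]:
            required = level
    for kind in sorted(scan_text(body)):
        raise_to("CONFIDENTIAL", f"body: {kind}")
    for name, embedded, text in attachments:
        if embedded in LEVELS and LEVELS[embedded] > LEVELS["PUBLIC"]:
            raise_to(embedded, f"{name}: labelled {embedded}")
        for kind in sorted(scan_text(text)):
            raise_to("CONFIDENTIAL", f"{name}: {kind}")
    return LEVELS[label] >= LEVELS[required], required, reasons

# Constructed sample message: a well-known test card number and made-up file names.
SAMPLE_BODY = "The customer paid with 4111 1111 1111 1111, please refund."
SAMPLE_ATTACHMENTS = [("roadmap.docx", "INTERNAL", "Q3 plans"),
                      ("notes.txt", None, "Ticket 1234 5678 9012 3456 closed")]
```

When `ok` is false, the returned reasons are what a tool would show the sender as immediate feedback before the message leaves their control.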
Digital and Cultural Transformation
This two-pronged approach helps organizations transform their data security culture and set the foundation for their information protection program and strategic digital transformation. Their objective is to cultivate a culture of information management, which makes users respectful and aware of the sensitivity of information.
Tools that are easy to use and provide immediate feedback with corrective suggestions greatly increase the likelihood of a culture of digital awareness — and greater data security — taking hold.