In part two of their series on The Definitive Guide to Data Classification, Digital Guardian look at the growing data deluge, what analysts are saying about security strategy, and how classification can bring order to your digital world.
A certain fictional character is known to have said “Knowing is half the battle.” Who knew all these years later that statement would still be relevant and tied to something like data classification and information security? When it comes to data protection, an understanding of what you are protecting is key to success. Analyst firm IDC estimates the digital universe is growing at ~40% year over year. Search for the term “digitization” and you’ll see McKinsey, PricewaterhouseCoopers, and the Harvard Business Review in the results; it simply means that more data is in electronic form. What that also means is there is more digital data to protect. Data classification allows you to tailor your data protection strategy to what is most important to your business, despite this 40% annual increase in the volume of data created.
The analyst firms, too, are fielding calls from their customers about protecting the increasing volume of data and recommending data classification as a way to put order to the chaos. Gartner and Forrester both call data classification a foundational element of a data protection strategy. The broad efficacy of classification delivers benefits across the information security stack, hence the importance these firms place on classification. It serves to put a line in the sand around what is and what isn’t critical to continued business operations.
Need more? While classification was once targeting insider threats, now it defends against both insider and outsider threats. With data classification in place as part of your data protection program:
- Files that are classified as sensitive either can’t be attached to emails or won’t go to unauthorized recipients (such as that random address that Outlook incorrectly auto-populated), preventing the insider-based intentional or inadvertent data loss incident.
- Company networks are under a steady stream of attacks, ranging from the opportunistic to the targeted. When these attacks go after sensitive data, per your data classification program, alerts are escalated to prompt either automated actions or the attention of the infosec team.
Somewhere buried in an enterprise’s data are:
- CAD files with proprietary manufacturing details
- Photos of the booth from the last trade show
- Merger and acquisition plans
- Archived press releases
- Pre-release earnings information
Without data classification, they all look the same to your data security program; with data classification you can see what should be treated with high security and what documents are safe for public exposure. You achieve focus, clarity of mission, and efficiency.
The Definitive Guide to Data Classification