Data is truly not created equal. We’re all concerned about Data theft, be it credit card information, healthcare (PHI) information, or private and confidential employee data or trade secrets. In recent cases, we have heard a lot about corporate espionage and hacking threats from competing nation states. Well, how do we go about protecting our information assets from data thieves? In most cases, a combination of Data Classification, Data Leakage Prevention and Encryption will get you there.
Data classification is a prerequisite to a successful Data Leakage Prevention (DLP) implementation. Before we can protect our data from leaking, we need to classify information into some iteration of the below four categories:
1) Public Use 2) Internal Use 3) Confidential 4) Top Secret
In order to accomplish this task;
- We usually scan the environment (data discovery) for key words, phrases, and content that the business unit deems confidential and at risk.
- This information is then initially identified and consolidated. It’s a lot easier to safeguard assets in 1-5 locations, rather than if they were spread out all across the network.
- Once the data is consolidated, appropriate protection and data security (data at rest encryption for example) measures can be applied to the data or the devices it resides on.
From that point on, all the information assets can be tagged appropriately (Example: Public Use, Internal Use Only, Confidential and Top Secret). The organization can then set policies for data in use and data in motion. After Data Classification is complete, A Data Leakage Prevention (DLP) solution can then follow the policies we set to protect data from leaving the organization or getting into the wrong hands internally as well.
In conclusion, for an effective data security strategy, we really have to lay the foundation through a data classification exercise, and then follow it up with data security measures like DLP and Encryption.