Data classification is an approach to identifying, protecting, and managing information which has rapidly become best practice. Implemented as part of a layered security strategy, it enables an enterprise to defend itself against a variety of threats - from aggressive outsiders to untrained or well-meaning insiders - while unlocking the full potential of its data to drive innovation and productivity. At its simplest level, data classification is “the process of organizing data into categories for its most effective and efficient use”. From a security perspective classification involves the categorization and labelling of data according to its level of sensitivity or value to an organization – for instance as commercial in confidence, internal only or public. The approach switches the focus of data security from building ‘walls’ around networks, databases, applications, or devices – increasingly ineffective, as 95% of breaches are caused by human error (your users are on the inside of any “wall”) – to the data itself. The first step is to establish a policy as to what labels or classifications should be added to which files or emails. The company can then decide how to communicate this to employees and decide on how to implement the policy. Some organizations decide to adopt a manual only labelling policy. However, there are more advanced data classification techniques that utilize software toolsets which attach labels to email messages, documents, and files. In addition to a visual marking that lets people know how the data should be handled, the label is embedded into the file properties as metadata, allowing the data to be accessed or used only in accordance with the rules that correspond with the data’s classification. This means that the protection travels with the data, wherever it is sent or stored. Each of the three techniques – paper-based classification, automated classification and user-driven (or user-applied) classification – has its own benefits and pitfalls. Paper-Based Classification
Policy Automated Classification
Policy |