Creating a Security Culture in the Age of Digital Transformation
October 27, 2016
Featured article by Mitch Robinson, President and COO, TITUS
Enterprises are embracing the shift to becoming digital as the fast pace of business now demands a frictionless sharing experience. The “Digital Transformation Agenda 2016” report from The Economist Intelligence Unit revealed that 77 percent of those surveyed agreed somewhat or strongly that digital transformation is their number one priority. However, 46 percent felt their organization would need to make significant changes to meet their goals.
Data-driven Intelligence
Data is the key to every business today, and those who own and manage their data well will win. For example, organizations are leveraging the power of Big Data analysis to make their internal data work for them, leading to insights that create cost savings, efficiencies, new products and improved customer experiences. These insights create the differentiation that leads to greater market share and increased revenue.
More insights are possible than ever before because there is more data than ever before. By the year 2020, about 1.7 megabytes of new information will be created every second for every human being on the planet. Organizations need to determine how they will handle all this data, which will be managed, stored and shared across platforms and around the world.
The digital world has led to an increasingly mobile workforce, necessitating more options to collaborate and share. Employees now use Dropbox, Slack and similar applications to share information – and sometimes, that information is sensitive in nature. With more people accessing and storing files in a multitude of network and cloud repositories, an organization’s sensitive data could be anywhere. Collaboration among employees, partners and customers is key, but there must be a balance between information sharing and information protection.
Security Awareness Concerns
As the digital universe expands, so do its attack vectors. Threats from the hacking of IoT devices and cloud apps continue to evolve. The September 2016 Netskope Cloud Report found that enterprises, on average, have 977 cloud apps in use. This creates a huge threat landscape; 43.7 percent of malware found in enterprise cloud apps has delivered ransomware, and 55.9 percent of malware-infected files found in cloud apps are shared publicly.
Hackers and malicious insiders certainly add to the threat, but a much more typical threat source is unintentional human error caused by uninformed employees. They pose a particular danger because they have legitimate access. This leads to common data breach accidents such as including sensitive data in an email or attachment, accessing data from unsecure public sources or inappropriate sharing of information to personal email and devices.
Creating Digital Awareness
Traditional security systems aren’t good at preventing accidental disclosure by careless or uneducated users with legitimate access. Instead, this is a job for data classification. This strategy helps companies balance the need to share information to achieve their objectives with the need to protect information that is sensitive or critical to their organization. Data classification enables organizations to classify, protect and confidently share information and meet regulatory compliance requirements by identifying and securing unstructured data.
The key to classification’s success is its ability to bring digital awareness to your data. Classification adds “metadata” to each file – the details about the data itself, such as author, creation date, or the classification (top secret, etc.). Any time someone classifies an email, a document or a file, persistent metadata identifying the data’s value is embedded within the file. So, no matter where the information is saved, sent or shared, the value of the data is identified and preserved.
No tool or policy will be effective if employees don’t understand or don’t comply. Herein lies the genius of data classification. A classification tool consistently reminds users of data security policies each time they save a document or send an email. By requiring users to identify the sensitivity of the information, data security remains constantly top of mind. Asking employees to classify each file helps to address the source of the problem: users who lack awareness of the proper security procedures.
In addition to enabling users to classify data, it is now possible for a classification tool to monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.
This is particularly effective in overcoming the all-too-common breach danger of including sensitive data in an email. By checking the selected classification against the email content and attachments, classification tools can immediately identify possible breaches before the email ever leaves the user’s control. This gives organizations the best of both worlds: user-driven as well as automated classification.
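The check described above, comparing the sender's selected classification against the email body and attachments, can be sketched as follows. This is an added example, not code from the article or from any classification product; the four-level scheme, the X-Classification header (standing in for metadata embedded in a file) and the card-number content rule are assumptions.

```python
import re
from email.message import EmailMessage

LEVELS = ["Public", "Internal", "Confidential", "Restricted"]  # assumed scheme
LABEL_HEADER = "X-Classification"  # assumed name, stands in for file metadata
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def content_level(text: str) -> int:
    """Lowest level index the text may carry under the content rule."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return LEVELS.index("Confidential")
    return 0


def check_outbound(msg: EmailMessage) -> list[str]:
    """List every part that is more sensitive than the sender's chosen label."""
    selected = str(msg.get(LABEL_HEADER, "")).strip()
    if selected not in LEVELS:
        return ["message: no valid classification selected"]
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "body"
        is_text = part.get_content_maintype() == "text"
        need = content_level(part.get_content()) if is_text else 0
        label = str(part.get(LABEL_HEADER, "")) if part.get_filename() else ""
        if label in LEVELS:  # label the attachment already carries
            need = max(need, LEVELS.index(label))
        if need > LEVELS.index(selected):
            findings.append(f"{name}: needs {LEVELS[need]}, message is {selected}")
    return findings


def sample_message() -> EmailMessage:
    """Constructed sample: an 'Internal' mail with more sensitive parts."""
    msg = EmailMessage()
    msg[LABEL_HEADER] = "Internal"
    msg.set_content("Card on file: 4111 1111 1111 1111 (test number).")
    msg.add_attachment("Q3 plan", filename="plan.txt")
    msg.get_payload()[-1][LABEL_HEADER] = "Restricted"
    return msg
```

Running check_outbound(sample_message()) reports both the body and plan.txt, which is the point at which a tool would prompt the sender to raise the label or remove the content before the message is sent.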
Data Classification is the Foundation of Digital Transformation
Organizations embrace data classification to transform their security culture and set the foundation for their information protection program and strategic digital transformation. Their objective is to cultivate a culture of information management, which makes users respectful and aware of the sensitivity of information.
Classification is the indispensable foundation of data security, and shifting to a culture of data security will only take place when all employees are continually engaging with corporate security policies. Once the users are on board in principle, it is important to follow up with tools that are easy to use and provide immediate feedback with corrective suggestions when there is a violation. When data is classified, organizations can raise security awareness, prevent data loss and comply with records management regulations.
About the author:
Mitch Robinson serves as President & Chief Operating Officer at TITUS.
He has over 20 years of professional experience working in enterprise software, mergers & acquisitions, corporate strategy, emerging markets, business & market development and financial management. Prior to TITUS, Mitch was Director of Operational Risk and Governance, Risk & Compliance with IBM.