Edward Snowden was in the news again this month, speaking (via teleconference from Russia of course) at an event hosted by Ryerson University in Toronto, Canada. Apart from the designated topic of classified government documents making their way into public hands, the concept of communications privacy was broached by the famous ‘whistle-blower’. Mr. Snowden said that he himself avoided any digital communications “for anything that could be considered sensitive just because it’s extremely risky” and framed these thoughts with a series of software tools he recommended to protect the privacy of your data.
It can be argued that Snowden’s popularity plays to the rising fear that all the personal information we generate from our connected devices can be used nefariously by our government. This fear is not new. In 1949 George Orwell predicted such a situation in his novel Nineteen Eighty-Four, which introduced the concept of a government “Big Brother” overseer that tracked all of our actions. As our daily lives are now filled with activities facilitated by computers and smartphones, we are becoming more and more aware of the data we create which can be tracked and hijacked. The advent of the “Internet of Things” (IoT) signals change ahead and breaths life to the threat that our every action will flow through global networks and may be used against us. It is this fear that is driving the popularity of the personal privacy tools that Snowden recommended, like TextSecure and SnapChat, and the public outcry over Samsung’s embedded voice recognition software which listens into your conversation at home. People do not want the devices of everyday life to spy into the details of how they live their personal lives.
This heightened awareness of personal data protection mirrors the heightened awareness of data protection at the corporate level. However, many organizations aren’t taking the appropriate measures to incorporate tools to facilitate protection. Where is the “SnapChat” for credit card numbers sent in an email? What about the “TextSecure” to make sure only the right business partners view your intellectual property?
Organizations must accept that ever-present surveillance exists and do what they can to protect the information that they value the most. For a company to implement a successful data protection policy, they should change to a philosophy that “Big Brother is watching you” and apply that same heightened awareness to their own data. As a business, if you took the concept that you can’t stop Big Brother from watching everything, but could prevent him from seeing some things, what would you share and what would you hide?
Due to the sheer volume of data most businesses work with, it becomes imperative to classify the data you create in order to track what needs to be shielded from Big Brother’s eyes. Classifications apply degrees of value to the information that resides in your organization. Just as with our own personal data, there are degrees of importance on the data that resides within your corporate walls, i.e. information that you don’t care if anyone knows, information you only want those close to you to know, and information that no one else can know but you.
As a business, there is a lot of information that falls into the category of “information you only want those close to you to know”. After all, you have to share some data with different departments and even different trusted partner organizations to function effectively. With classifications in place, policies can be written—and enforced—which control and protect information to the degree necessary to ensure it remains a secret. For example, headers and footers can be applied to documents to alert users to the sensitivity of the file when it is opened or printed so that they take appropriate precautions with the file. The TITUS policy engine can even control access to files by checking the Active Directory attributes of the user to verify they have the right to open files of a specific classification and either allow or prevent depending on the users’ authorization level.
The act of data classification is that first step in any successful data protection project. TITUS Classification helps you take that all-important first step by helping you identify what information needs to be protected and to what degree. By classifying, you decide what Big Brother might see and what he cannot.