It is a long held view by data classification advocates that the best people to classify data are the end users. After all, they’re the ones who know the content and understand how the data is to be used, right? Yet, some data breaches still happen because users are simply not aware of how sensitive the data truly is, or they don’t fully understand the consequences that disclosure of the data may have to the organisation.
One of the top reasons that customers purchase TITUS Classification Suite is to provide a tool to reinforce their data security education and awareness programs. The user-driven classification approach can be effective as long as your users understand the meaning of the classification labels they are assigning, as well as the definition of sensitive information in the context of your business. The weakness with any purely user-driven classification approach is that each individual who handles data will substitute their own view of organisation risk based on their specific job role and understanding of the company’s business. While this risk can be mitigated with a clear classification schema and classification tips, individual users may not always be privy to the broader corporate picture or have a complete view of the data throughout its entire life cycle. Consequently, the judgements they make about the level at which data should be classified may not always be an accurate reflection of the risk that disclosure would pose for the wider organisation.
TITUS helps customers address these issues of data management, awareness and education through the use of system-suggested classification. Rather than solely letting the user decide the classification level, TITUS can analyse both the content and context of the information and provide suggested classification levels based on the results. These suggested classifications are an effective means to guide the user towards the desired data handling behaviour. In the course of doing this, TITUS can educate the user on what constitutes sensitive data as it relates to the entire organisation. It can provide specific examples of the type of documents or files that help explain why the classification was suggested. Utilising system-suggested classification will help your users understand the sensitivity of data and its impact to your organisation, and can effectively reinforce user awareness and education training to drive optimal data handling behaviour among end users.