Remember Tetris? Admit it – you’ve wasted hours on Tetris. Well, let me share with you something I like to call “Policy Tetris.”
Archive for the ‘Classification’ Category
Marshall McLuhan coined the phrase “the medium is the message” in writing about the social impact of technology. While we are watching the content, we miss the transformative impact the medium has on our lives. Just as the simple light bulb forever changed how we live and work, the Internet of Things—embedded in devices from pacemakers to home thermostats—creates a connectedness we could not have imagined just a few years ago. And it makes us simultaneously free and vulnerable.
At its most basic level, the Internet of Things (IoT) is the interconnection of devices and sensors across the Internet – machines talking to other machines about your health, a refrigerator that keeps track of its contents, and a home security system that monitors your comings and goings.
This free flow of information is both exciting and terrifying.
Edward Snowden was in the news again this month, speaking (via teleconference from Russia of course) at an event hosted by Ryerson University in Toronto, Canada. Apart from the designated topic of classified government documents making their way into public hands, the concept of communications privacy was broached by the famous ‘whistle-blower’. Mr. Snowden said that he himself avoided any digital communications “for anything that could be considered sensitive just because it’s extremely risky” and framed these thoughts with a series of software tools he recommended to protect the privacy of your data.
Think about this…on that special day when we are born our parents give us a name. Makes sense, right? Having a name keeps you from getting mixed up with the other babies. If you are late for supper and your mom needs to find you right away, she calls your entire name just to make sure the right “Mike” comes home. Should you get lost, it would be pretty difficult for your parents to say to police: “Well, he is 7 years old but doesn’t have a name. See if he answers to ‘Steve’. We always liked that name…”
Your company’s data isn’t much different, is it? Without a unique identifier your sensitive data is subject to misuse or improper handling. Securing, storing and retrieving your information are all much more difficult, more time-consuming, and less efficient without first properly identifying—or classifying—your data.
Many organizations are beginning to see the value in “naming their data”, or data classification, and are starting to do something about it. However, there are still some organizations out there that do not classify their data. Here is a top 10 list of excuses why organizations DO NOT classify their data “babies”.
Think fast – your house is on fire and you only have time to run in once to grab the valuables.
What do you grab?
Most people would (hopefully) grab, in this order, their children, pets, and then—if there is time—family heirlooms and personal/financial documents. But this assumes that you know the location of your belongings, and that they were not left in flammable areas. The same holds true when talking about enterprise data. There are data “arsonists” running around with lighters and matches, trying to ignite your data and leave you with a singed reputation and charred bottom line.
Next week, SC Magazine will be hosting a webinar on how Provident Bank transformed their information protection strategy. While it might be a bit of a spoiler, I will let you know that Provident Bank thought enough of classification to make it central to their data protection transformation, as have many other financial organizations. I have worked with a number of different financial services companies, and while each might deal with much of the same kinds of data – payment card information (PCI), personally identifiable information (PII), and intellectual property (IP) – they all had their own unique drivers for implementing classification. It made me wonder — what are the top 5 reasons that financial organizations have asked TITUS to help them classify their data? Here is what I found:
In light of last week’s announcement that the records of 80 million customers were stolen from healthcare insurer Anthem, it is worth noting that healthcare organizations have a particularly heavy data protection burden to bear. As the NY Times reported, Protected Health Information (PHI) is incredibly valuable. Where credit card records were selling for just 33 cents each, a patient medical record on the black market sold for $251.
Why is PHI so valuable?
It’s Data Privacy Day today, and TITUS is participating with other organizations around the world to raise awareness about the need to protect personal data. While much of the focus of Data Privacy Day is on how individuals can protect their data from the mischievous, the opportunist and the criminal, here at TITUS we like to look at it from the other side. How can the bank, the clinic, the department store, the utility, the educational institution, and all of the other legitimate organizations that collect personal details be good stewards of this information?
Last week, 451 Research analyst Daniel Kennedy released a report which revealed that corporate data protection is the top mobile concern for security managers. How much of a concern? Forty-two percent (42%) of the security managers they spoke to cited data security as the top priority. The next highest concern was user-owned devices (BYOD) at 11%. While I am not surprised that data security is the top concern and BYOD is second, I must confess that I find the huge delta between the two concerns surprising. With BYOD such a distant second, it is apparent that security managers do not feel that company data, such as PII, PHI, PCI and intellectual property (IP), is safe even on corporate-owned devices.
So why is this?