Archive for the ‘Classification’ Category

Do the New European Data Protection Regulations Spell the End of the Business Card?

Wednesday, February 3rd, 2016

Ok, the title of this blog sounds bizarre and extreme, but let’s think about it for a while. What are business cards used for?

As a marketing person (for a business to business product) you go to a trade show and talk to people about your product, and you come back with a pile of business cards from people you talked to. Once collected, you enter the information on the card into a database to include them on your next mailer, or pass them on to the lead management team.

cards-blog_image-Feb-Fy16

(more…)

Millennial Privacy – A Paradox?

Tuesday, January 26th, 2016

Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?

Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.

blog privacy day

(more…)

Oh Canada! How a Trip to Ottawa Converted a Data Classification Skeptic into a TITUS Champion

Thursday, January 14th, 2016

The following blog has been re-posted with permission of the author. The original post can be found on Jeremy Wittkop’s LinkedIn blog.

This will be the rarest of posts. I am going to begin my post about why Data Classification is important to a content and context aware security program by telling you all of the reasons why I was originally skeptical of its value. I do so in hopes that people who share the same concerns I did will have an opportunity to experience the magic of the Titus approach vicariously through me. I am also going to do something that few people who are in my position are willing to do, while simultaneously do something no author should ever do. I am going to admit I was wrong and I am going to quote myself.

“I was wrong” – Me

blog_ottawa
(more…)

3 Steps to Prevent Information From Just Walking Out the Door

Wednesday, January 6th, 2016

We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?

blog confidential doc

At first glance it may seem there is nothing we can do, but there are steps that can be taken.
(more…)

TITUS Boxing Day

Thursday, December 17th, 2015

It’s TITUS Boxing Day today. While traditionally Boxing Day follows Christmas on December 26th, we celebrate a week or so before. We also differ from tradition as the Christmas boxes we prepare are not for our employees, but are boxed by our employees for those in our community who could use some extra help.

Toys for Toy Mountain
(more…)

Regulatory Developments for Cloud Data Privacy

Wednesday, December 9th, 2015

Data privacy in the cloud continues to be a hot topic for regulators. This week, I’d like to cover two important data privacy developments that have a tie-in to concerns about US surveillance programs and cloud data. The first is the US Email Privacy Act, and the second is the revocation of the US-EU Safe Harbor agreement.

Email Privacy Act

The Email Privacy Act is a proposed US Federal law that would require the government to obtain a warrant before accessing email, text messages, and other private content stored in the cloud by Internet Service Providers.

blog_Dec82015
(more…)

Are you ready for NERC CIP v5?

Wednesday, December 2nd, 2015

If your organization is a bulk power system owner or operation in North America, then you probably already know that you need to be compliant with NERC CIP v5 by April 1, 2016.

For readers who are not familiar with the topic, North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards, including Critical Infrastructure Protection (CIP) standards to secure cyber assets essential to the reliable operation of the electric grid.

NERC Image
(more…)

What is “Suggested Classification”?

Wednesday, November 25th, 2015

Last week my colleague Libby Robinson wrote about the enhanced automated classification capabilities of the new TITUS Classification Suite 4.4. While TITUS can automate classification better than ever, Libby nonetheless concluded that: “it is best practice to deploy a combination of user-driven, system suggested and automated classification.” If you read the TITUS blog regularly, I’m sure you are familiar with user-driven classification and its importance to the organization. But what is “system suggested classification” and when would an organization use it?

With “system suggested classification,” the TITUS policy engine runs the same evaluation policies as are performed during the automated classification process (based on content, context, the user, the recipient, etc.). The key difference is that a user is prompted to confirm the automated classification results and is able to quickly adjust the classification if the automated process was deemed incorrect.

Robot-blog_image
(more…)

Secure Cloud Sharing with the New TITUS Classification for Mobile

Thursday, November 19th, 2015

While they offer incredible advantages, cloud sync and share services like Box and Dropbox also come with risks. As usual, one of the top risks isn’t from the technology itself, but the user. What guarantees do you have that your users are safely sharing information in the cloud? Unlike folders on the network, cloud folders are easily shared with users outside of your organization, and it is not always easy to tell which folder was created for sensitive content and which was not. As a result, users are more likely to make a mistake and overshare information.

While you can drill down to see with whom a folder is shared or examine the content of the folder to determine its sensitivity, this is time consuming and slows the speed of business. This inevitably means some users will fail to take those extra steps. It is also easy for a user to simply create a new folder on the run, forget the access details over time, and assume it is safe to use for another document at a later date. Folder names rarely convey the sensitivity or collaborative nature of the folder. So, when users share via the cloud do they know if the folder is shared externally? Can they easily tell if the folder is meant for public or internally facing documents? And, are your users always going to double check to make sure they know the answers before they upload a file? Unfortunately, when it comes to using a cloud service mobile app, ease of sharing information often takes priority over security. TITUS Classification for Mobile considers user experience, ease of use, and data protection all as equally important.

(more…)

Enhance Your Automated Classification Capabilities with TITUS Classification Suite 4.4

Wednesday, November 18th, 2015

The global data footprint is growing at an unprecedented rate, with business users creating and sharing information in new ways. Identifying your sensitive data within this vast cauldron of information is imperative, but relying solely on your users to do so might not be enough. The question is: how can you effectively balance involving your users in data identification with automation?

Sensitive information such as PII, PHI, PCI and ITAR data doesn’t always require user involvement to be identified and classified. Additionally, if your organization has defined terminology which refers to your Intellectual Property, you may not require user-driven classification to identify it. The enhanced automated classification capabilities of TITUS Classification Suite 4.4 – available now – will enable your policies to be applied behind the scenes.
(more…)