Archive for the ‘Classification’ Category

Classification and Organisational Risk

Wednesday, April 13th, 2016

It is a long-held view among data classification advocates that the best people to classify data are the end users. After all, they’re the ones who know the content and understand how the data is to be used, right? Yet some data breaches still happen because users are simply not aware of how sensitive the data truly is, or they don’t fully understand the consequences that disclosure of the data may have for the organisation.

One of the top reasons that customers purchase TITUS Classification Suite is to provide a tool to reinforce their data security education and awareness programs. The user-driven classification approach can be effective as long as your users understand the meaning of the classification labels they are assigning, as well as the definition of sensitive information in the context of your business.

IT is Not Responsible for Your Mistakes

Wednesday, March 30th, 2016

We’ve all been there; heart racing, palms sweating, and gasps of remorse while frantically pressing the email recall button and praying you haven’t done what you think you have just done. You guessed it, I’m talking about the “oops” email – the email that you should not have just sent. The email that could cost you your job, your reputation and a sizable amount of regret!

Suggesting that IT is responsible for protecting today’s data is like suggesting a car dealership is responsible for the safety of drivers. Ultimately, you can buy a car from a dealership, but it’s your responsibility to be safe and avoid accidents. IT alone can’t cover the “oops” email or any other user blunders. As we move forward in a world where users are responsible for creating and handling an organization’s most important asset – data – it’s imperative to make users aware of their responsibility. After all, users are often much more aware of the sensitivity of a file than a machine can be.

I hear you asking: “Why is it my responsibility when we have all these great security systems?”


Why Choose Just One Superhero When You Can Choose Them All?

Thursday, March 24th, 2016

This weekend the latest superhero movie will open – pitting the two most popular superheroes of them all against each other: Batman versus Superman. In the film, Batman, the regular guy fighting the good fight with only his personal strength, wits, and a few gadgets, faces off against Superman, the almost limitlessly powerful alien. It is an interesting battle which I find parallels the argument between those who support user-driven, manual classification (Batman) and those who swear that only machine-generated automatic classification (Superman) should ever be used.

In the business world, our “superheroes” consist of technologies that help us manage and protect data from the moment it is created to the day it is finally deleted. It would be great if we actually didn’t need superheroes to fight crime, but crime is a fact of life we cannot escape. Criminals are actively trying to steal our data and we need to protect it, be that preventing inadvertent data breaches, protecting data when shared outside our home perimeter, or safely disposing of data when it becomes a liability. So, in the battle of “Batman” versus “Superman,” who do you choose?


Data Overload

Wednesday, February 24th, 2016

Data is everywhere.

You hear those words so often that it’s becoming a cliché, but you can’t deny the truth of it. There was a time when there were only hard copies of files – someone typed them up, maybe photocopied them a few times – but they were easier to trace and control. Bob from the finance department down the hall had the latest version, and you went to him to get it. Today, the reality of information sharing paints a vastly more complicated picture.

When I create a document, I do it in several steps. I generate a draft, send it around to a few people for an initial review, and then incorporate their feedback into the next version. From there, I may call it complete and send it to my boss for final review. I may then send the completed revision to its final audience via email, post it in SharePoint, or save it to a network drive (among numerous other options). And what about the other people with whom I shared it? Did they download their own copies to save their changes? Did they send it to someone else within the company to get their take on it? Did someone save it to the Cloud to read at home later? That information that started as a single file may now exist in many places. It’s pretty obvious how quickly our data footprint expands.


What LEGO® Can Teach Us About Data Security

Thursday, February 11th, 2016

LEGO is slippery. I know that statement doesn’t sound like it makes sense and you are probably saying to yourself: “Surely he knows that LEGO blocks interlock and stick together!”

That is true. But, if you have ever used LEGO to build on a hard surface you know that, as you add more bricks to the building you are making, your construction can easily slip around. Unless you are building on a LEGO surface, you can’t always be sure the pieces you are adding won’t cause the structure to slip or tip. The foundation that you build upon makes all the difference to the stability of what you are building.


Do the New European Data Protection Regulations Spell the End of the Business Card?

Wednesday, February 3rd, 2016

Ok, the title of this blog sounds bizarre and extreme, but let’s think about it for a while. What are business cards used for?

As a marketing person (for a business to business product) you go to a trade show and talk to people about your product, and you come back with a pile of business cards from people you talked to. Once collected, you enter the information on the card into a database to include them on your next mailer, or pass them on to the lead management team.



Millennial Privacy – A Paradox?

Tuesday, January 26th, 2016

Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?

Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.



Oh Canada! How a Trip to Ottawa Converted a Data Classification Skeptic into a TITUS Champion

Thursday, January 14th, 2016

The following blog has been re-posted with permission of the author. The original post can be found on Jeremy Wittkop’s LinkedIn blog.

This will be the rarest of posts. I am going to begin my post about why Data Classification is important to a content and context aware security program by telling you all of the reasons why I was originally skeptical of its value. I do so in hopes that people who share the same concerns I did will have an opportunity to experience the magic of the Titus approach vicariously through me. I am also going to do something that few people who are in my position are willing to do, while simultaneously doing something no author should ever do. I am going to admit I was wrong and I am going to quote myself.

“I was wrong” – Me


3 Steps to Prevent Information From Just Walking Out the Door

Wednesday, January 6th, 2016

We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?


At first glance it may seem there is nothing we can do, but there are steps that can be taken.