Archive for the ‘DLP’ Category

What is “Suggested Classification”?

Wednesday, November 25th, 2015

Last week my colleague Libby Robinson wrote about the enhanced automated classification capabilities of the new TITUS Classification Suite 4.4. While TITUS can automate classification better than ever, Libby nonetheless concluded that: “it is best practice to deploy a combination of user-driven, system suggested and automated classification.” If you read the TITUS blog regularly, I’m sure you are familiar with user-driven classification and its importance to the organization. But what is “system suggested classification” and when would an organization use it?

With “system suggested classification,” the TITUS policy engine runs the same evaluation policies as are performed during the automated classification process (based on content, context, the user, the recipient, etc.). The key difference is that a user is prompted to confirm the automated classification results and is able to quickly adjust the classification if the automated process was deemed incorrect.


Secure Cloud Sharing with the New TITUS Classification for Mobile

Thursday, November 19th, 2015

While they offer incredible advantages, cloud sync and share services like Box and Dropbox also come with risks. As usual, one of the top risks isn’t from the technology itself, but the user. What guarantees do you have that your users are safely sharing information in the cloud? Unlike folders on the network, cloud folders are easily shared with users outside of your organization, and it is not always easy to tell which folder was created for sensitive content and which was not. As a result, users are more likely to make a mistake and overshare information.

While you can drill down to see with whom a folder is shared or examine the content of the folder to determine its sensitivity, this is time consuming and slows the speed of business. This inevitably means some users will fail to take those extra steps. It is also easy for a user to simply create a new folder on the run, forget the access details over time, and assume it is safe to use for another document at a later date. Folder names rarely convey the sensitivity or collaborative nature of the folder. So, when users share via the cloud do they know if the folder is shared externally? Can they easily tell if the folder is meant for public or internally facing documents? And, are your users always going to double check to make sure they know the answers before they upload a file? Unfortunately, when it comes to using a cloud service mobile app, ease of sharing information often takes priority over security. TITUS Classification for Mobile considers user experience, ease of use, and data protection all as equally important.


Corporate Security and the 2-in-1 Device

Friday, November 13th, 2015

Microsoft seems to have fallen into a pattern where one release of Windows struggles in the market but then the next one succeeds, and back and forth. Windows 8 was one that struggled. Windows 8 came with a new class of Apps, and a new UI called Metro. Unfortunately, people didn’t like it much and they switched to desktop mode fast. True to form, Windows 10 seems to be much more successful. But before we completely dismiss Windows 8, it’s worth thinking about what Microsoft was trying to do with that release and why.

Like a lot of office workers I had a Windows laptop when Windows 8 came out, and I also had an iPad. I was experimenting with leaving the laptop at my desk and only taking the iPad with me when going to meetings or was otherwise away from my desk. After all, it seemed silly to carry two devices when I could present from the iPad, takes note on the iPad, and answer email on the iPad, right?


When the Privileged Insider Goes Bad – 5 More Ways to Tackle Insider Threat

Wednesday, October 21st, 2015

Last week Stephane Charbonneau, TITUS CTO, laid out 5 steps to help tackle insider threats. These tips focused on user training, user involvement and fostering a culture of security in order to prevent accidental user leaks and to [hopefully] prevent users from crossing the line into malicious behaviors. But what if the user is committed to abusing their internal access privileges for their personal gain?

Undoubtedly there are departments or data within your organization where a zero trust model might need to be enforced because the risks posed by a rogue employee are too high. There are likely areas where users have access to data so important and valuable that they are motivated to steal, sell, or otherwise leak data. For those who have access to this data stronger measures need to be in place.


Protect Your Intellectual Property: Forrester Playbook Overview

Thursday, August 6th, 2015

Wouldn’t it be great to say there is one product, from one vendor, that can protect all of your data? The reality, however, is that you need a security ecosystem and framework to protect your most valuable data assets. Forrester Research Inc. has developed a Data Security And Privacy Playbook which helps organizations build the framework they need to protect sensitive information. (more…)

Tackle Your Insider Threat: Protect Your Information and Organization

Tuesday, May 12th, 2015

Last week we featured an excellent blog by Mike Osterman, President of Osterman Research, focused on the threat to data security posed by insiders. As the business world gets more mobile and collaborative, the risks that insiders pose to information security increases. With cloud storage apps, thumb drives, and mobile devices that contain a great deal of corporate information but are also easily lost or stolen, your users can leak huge volumes of your critical data quickly – and so far I am just talking about mistakes by good employees. When you consider employees that have gone bad and are stealing information for financial gain, prevention and detection of insider data leaks becomes critical.

Top 6 Reasons Financial Services Companies Classify Data

Wednesday, February 25th, 2015

Next week, SC Magazine will be hosting a webinar on how Provident Bank transformed their information protection strategy [link updated to webinar recording]. While it might be a bit of a spoiler, I will let you know that Provident Bank thought enough of classification to make it central to their data protection transformation, as have many other financial organizations. I have worked with a number of different financial services companies, and while each might deal with much of the same kinds of data – payment card information (PCI), personally identifiable information (PII), and intellectual property (IP) – they all had their own unique drivers for implementing classification. It made me wonder — what are the top 5 reasons that financial organizations have asked TITUS to help them classify their data? Here is what I found:

World Data Privacy Day

Wednesday, January 28th, 2015

It’s Data Privacy Day today, and TITUS is participating with other organizations around the world to raise awareness about the need to protect personal data. While much of the focus of Data Privacy Day is on how individuals can protect their data from the mischievous, the opportunist and the criminal, here at TITUS we like to look at it from the other side. How can the bank, the clinic, the department store, the utility, the educational institution, and all of the other legitimate organizations that collect personal details be good stewards of this information?