Around our office there is a lot of talk about “hybrid Cloud” as we help our customers create strategies to safely migrate from on-premise to cloud storage and applications. A hybrid cloud strategy provides both flexibility and peace of mind, enabling organizations to ease into utilizing the Cloud at their pace. The actual challenge however is not finding the right balance between on-premise and the Cloud, but coping with the multitude of cloud options.
Archive for ‘Protective Marking’
We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?
At first glance it may seem there is nothing we can do, but there are steps that can be taken.
October is National Cyber Security Awareness Month. This week, the focus is on creating a culture of cyber security at work. For TITUS, helping to create a culture of security is a cornerstone for our solutions.
Implementing digital and technology security solutions within an organization usually involves several components, including secure network gateways, data loss prevention systems, and encryption. But with the rapid explosion of mobile devices that can store gigabytes of data and the easy access to cloud sync and share services, it is difficult for technology and IT teams to keep up and ensure that users are not accidentally leaking sensitive information. It is essential, therefore, that your users understand digital security risks and correct policies for sharing information.
To foster a culture of security, organizations need a solution that will:
A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the market place, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).
Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.
It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.
The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).
The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.
The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information. (more…)
Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.
To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.
The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)