Coding protection directly into your data
Data breaches often stem from poorly-managed records. By encoding critical information about the records into the files themselves, companies can create a platform for security, efficiency and cost management.

Look at any folder in your network storage or on a poorly-managed endpoint somewhere. You'll probably see a collection of files containing information that you can't easily identify. How sensitive are they? Who created them and what business processes are they for? This is important to know. 

Data classification embeds that kind of information directly into the files themselves, using metadata tags. These won't be visible when someone opens that file, but suitably-equipped software will be able to read them and make decisions based on those tags.

Managing the data lifecycle

Classifying files in this way provides control over the flow of data through a business. Every piece of business information has a lifecycle. It is created, stored, accessed and shared. Finally, at the end of its life, it is archived or deleted.

Unless administrators manage that lifecycle properly, they may mistreat some data with potentially disastrous consequences. For example, Sweden's transport agency emailed information on every vehicle nationwide to marketers by mistake, leading to a scandal that shook the government at its highest levels. 

Classifying records enables companies to manage the data lifecycle from cradle to grave, and it begins when records are created. By encouraging employees to classify data on creation, managers can engage them and improve their information security awareness by making them think about the sensitivity of the information they are handling.

Coding metadata directly into records helps manage the next part of the data lifecycle: storage. Modern companies have different tiers of storage, including not only fast and slow hard drives, but hybrid and pure flash media, and perhaps optical storage or tape. They may also store data both on their own premises and with a cloud service provider.

These storage media each have their own performance and cost profiles, and their own level of security. Deciding where to store individual records is a time-consuming manual process. Classified data can describe how sensitive it is, enabling storage software to make those decisions consistently and automatically.

Total visibility, total control

Organisations can do more than store their data more effectively with the help of data classification; they can retrieve it more efficiently, too. Storing metadata in all records makes them more visible when sitting on storage infrastructure. Indexing metadata makes it possible to locate files quickly and accurately using enterprise search technologies based on criteria including sensitivity and information type.

Not only does this make internal processes more efficient, but it also makes organisations more responsive to customer needs. It will be easier to satisfy external requests for information from customers, including those made under regulatory mandates like the General Data Protection Regulation (GDPR).

Another kind of enterprise software can also benefit from this embedded information: identity and access management (IAM). It uses employee identity information to grant access to certain systems and data. By mapping employees' security access levels to sensitivity information embedded in a record, the IAM software can automatically decide whether the employee can access it.

Mature security teams can use this metadata to control more than mere employee access. They can make data leak prevention (DLP) systems more accurate by configuring them to query this embedded information rather than simply looking for telltale data formats inside records.

When an employee does send a record to a third party, its metadata can dictate who can access it and for how long. This stops it from falling into the wrong hands.
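
The access, DLP and sharing decisions described above, sketched as an added example that is not code from the article or its author. The article names no tag format, so this assumes the labels are carried as custom document properties in an Office Open XML package (`docProps/custom.xml`); the property names `Classification` and `ShareExpires`, the four-level scheme and all function names are hypothetical.

```python
import io, zipfile
import xml.etree.ElementTree as ET
from datetime import date

NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
CP = "{" + NS + "}"
LEVELS = ["Public", "Internal", "Confidential", "Restricted"]  # assumed scheme, low to high

def make_sample(props):
    """Build a constructed, minimal package carrying the given custom properties."""
    body = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{i}" name="{k}">'
        f"<vt:lpwstr>{v}</vt:lpwstr></property>"
        for i, (k, v) in enumerate(props.items(), start=2))
    xml = f'<Properties xmlns="{NS}" xmlns:vt="{VT}">{body}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", xml)
    return buf.getvalue()

def read_tags(data):
    """Return the embedded properties; an untagged or unreadable file yields {}."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # For untrusted files, parse with defusedxml instead of ElementTree.
            root = ET.fromstring(z.read("docProps/custom.xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return {}
    return {p.get("name"): (p[0].text or "") for p in root.iter(CP + "property") if len(p)}

def level(tags):
    """Missing or unknown labels fail closed to the highest level."""
    label = tags.get("Classification")
    return LEVELS.index(label) if label in LEVELS else len(LEVELS) - 1

def can_access(tags, clearance):
    """IAM-style check: the user's clearance must meet the record's sensitivity."""
    return LEVELS.index(clearance) >= level(tags)

def can_send_external(tags, today):
    """DLP-style egress check driven by the tags rather than by content patterns."""
    try:
        expires = tags.get("ShareExpires")
        if expires and date.fromisoformat(expires) < today:
            return False  # sharing window has closed
    except ValueError:
        return False  # malformed expiry: fail closed
    return level(tags) <= LEVELS.index("Internal")
```

Treating an untagged file as the most sensitive level is a policy choice made here so that records nobody classified are not the ones that leave the organisation.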

Taken together, these capabilities create a robust platform for managing the access, sharing and collaboration parts of the data lifecycle. This can help prevent real and present dangers. For example, in the Sweden breach, the transport agency allowed employees from outsourcing contractor IBM to see vital information without security clearance. Properly classified data and well-configured IAM could have helped prevent that.

Competency and compliance

At the end of a record's life, a company may need to archive it for a certain period, or erase it based on regulatory requirements. A classified record's metadata can include the appropriate information to make those storage and archiving decisions, keeping companies compliant with regulatory requirements.

Organisations grappling with data management should not ignore the benefits of data classification. Developing the systems and processes to classify records in this way may seem daunting at first, and the concept does require an upfront investment. 

For many organisations, it will be worth it because it is a foundational initiative that will yield rewards in areas including not just security, but IT infrastructure governance and cost management, business process efficiency, and regulatory compliance.

By making classification a part of your data management regime, you will be able to rest easier at night. You will know that no matter how quickly your business data grows, you have tamed it and made it manageable, providing 360° visibility into your critical information assets.

Contributed by Chris Farrelly, general manager at HANDD Business Solutions

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.