Information Governance Blog

information Governance
03.09.2020

If you don’t work in one-dimension, why should your file classification system?

Perhaps, many years ago, in a corporation… maybe not. Let’s start again. Perhaps, many years ago in the military, it was brutally clear what information was meant to stay strictly classified, particularly top secret. The expression “don’t let it get into the wrong hands” contained no blurry lines. Right from wrong was known to be a simple, clear concept.

And then the Internet was invented, and in the World Wide Web concepts like proprietary intellectual property, copyrights and data privacy require a second, third and fourth look at their terms’ definitions, and more importantly, how we enforce them.

On the “bad” side, there’s the Dark Web, a marketplace for evil where hackers sell people’s private information (and worse). Let’s examine the path to the Dark Web, and how easy we’ve made it for people’s private information to get there.

The easy path to the dark side

Let’s say a company has decided on a remote working environment due to a pandemic, a scenario that would belong to a movie a mere year ago, yet today is our unfortunate routine. Employees’ days are filled with Zoom meetings both with co-workers and external people. Let’s take an innocuous meeting with an outside graphic artist. The marketing employee decides to share a file to show the graphic artist the current branding style. The document is a price comparison with competitors and a powerpoint file of last years’ deals designed for potential investors, both filled with sensitive business information. The documents are located in the marketing manager’s SharePoint enabling him to hover over the documents, right-click, press Share, input the graphic artist’s email, and send. Quiet, efficient, and easy.

But the graphic artist is a one-woman show and doesn’t invest in anti-virus or any other anti-malware tool. Later that week, she inadvertently opens a phishing email, and bam… is hit with ransomware for a large payment or the files will be sold on the DarkWeb. Not a likely scenario? Open the news and see how frequently this happens.  Besides the frequency, the key here is how easy sensitive data can find itself in the wrong hands.

I know, data protection was on your bucket list…

You wanted to embark on that long journey for data protection with a DLP tool, but the path always seemed endless, laden with hours of work. Plus you’ve heard countless stories of employees not using the DLP tool because it’s too much of a bother or the uncertainty of the correct label. And how many times have your colleagues complained that the file label didn’t accurately reflect the level of the sensitivity of the data in the file, and/or that the DLP prevented them from using the file in a way they needed to complete their assignment.

Beyond those complaints, you heard horror stories of the arduous process of DLP implementation, and the long process of writing rules. These rules are aimed to synchronize the conflicts in policies applied to the different business units in the ways they need to use the information yet fail in their mission.

In addition, there is that major obstacle unknown to most people outside of IT, and that is the hardship of categorizing files in your unstructured data repository. All those files sent to internal and external people in an email as an attachment. You see this repository, often known as dark data, as a deep black hole that a DLP tool has no way of accessing or even discovering the data that lies inside.

Just the thought of bringing teams to manually review employee’s emails makes you cringe.

But now you don’t have a choice: Welcome data privacy regulations

Now your priorities have shifted.

Data privacy regulations have taken effect or will be soon and you need to get a handle on your data, all your data, including the unstructured data.

You need to discover, index and segment customer data wherever it lies for your customers, according to the various regulations of many vertical segments. You need to manage this data per site, per country, per server location, and be ready to delete it from all locations in your network upon customer request, and within a short timeframe.

This can be a good thingData privacy pushes the need for data protection

How amazing would it be if the same tool you use to discover and index your files containing customer data, can be used to discover, index and classify your files for better data protection? And for safe file sharing?

How would you feel about a data protection tool that extracts all the detailed entities from every file in your unstructured data to a modeling environment? In that environment, it uses AI to apply all your relevant policies from different realms: Privacy, security and business concerns. Automatically, labels are virtually applied for each file that relate to all the above-mentioned concerns, as per the context, content and user of the file.

Files can have multiple virtual labels, with each one applied per situation and per context. File labels now make sense because they are multi-dimensional, reflecting today’s multi-dimensional work environment’s requirements.

How relieved you would be if I told you that this virtual multiple file label process doesn’t require heavy lifting from you and your team. All you need to do is to outline the policies and let technology take over the process.

How beneficial would it be if you can say confidently that you know upon a glance of a dashboard what lies in your unstructured data? Which files are compliant with privacy regulations and which need to be made compliant? And at the same time, you can see where suspicious changes in access to files can alert your cyber team?

And how fabulous would it be if you could get the CIO Award of the year for demonstrating true information governance for both data protection and data privacy within minutes?

Interested in a deeper dive? Let’s set a meeting.