The outlook is cloudy: The importance of Data Classification and Data Access Governance tools
By the end of the year 2020 it is predicted that 60% of organisations will use an external service provider’s cloud managed service offering. That is double the amount doing so two years ago.
With cloud adoption not slowing down and even accelerating as a result of the Covid-19 pandemic, organisations can be forgiven for not giving data security the airtime it deserves still.
By taking out a contract with the likes of Google or Microsoft you can be forgiven for thinking that they will take care of security and the risks to your data for you… WRONG!
As illustrated in the above graphic, regardless of where your Data sits, your organisation and IT staff are still responsible for the People, the Data and how those People access that Data.
So, if you have a breach as a result of insecure configuration of the Cloud (think leaky S3 buckets) then it’s not Mr Bezos who shall be leveraging the fine from the ICO. Somewhat unsurprisingly, it is you.
Now more than ever managing those identities, the types of data content you are custodians over and the users accessing it to do their jobs is paramount.
Data Classification and Data Access Governance tools are two of the key pillars of keeping this all-in check. Put bluntly, the Cloud providers will not give you the tools to find out where your PII is, or even worse to perform a SAR al la GDPR…
Imagine a world whereby your data is nicely labelled, labels chosen by users whom the software decides is most likely to understand it.
Even better that software can then provide you recommendations on access to it and alerts on what is happening to it. Take the following scenario for instance, Alice works as a finance assistant, but has seen a vacant position on the corporate intranet she likes the sound of in the marketing department. All goes well and Alice gets the job (yay for Alice!). How can we be sure Alice does not remain accessing files she once had access to in the finance SharePoint site? What would we do if she did?
Similarly, what might happen if Alice went rogue! She wanted to take a slice of that juicy finance data to gossip about to her new trendy marketing friends. “Have you seen the size of Bob’s bonus?”
Providing the right level of data access is IT’s responsibility, so is knowing where that data is. Data Governance, Classification and Data Loss Prevention tools are a triumvirate of solutions that can aid your task of keeping this data under the right restrictions
If you think a Data Governance or Classification solution could help secure your business or want to learn more, get in touch today at firstname.lastname@example.org or phone +44 (0)845 643 4063.