Why Do We Want Data Classification?
In this post I am going to discuss some of the reasons why your organisation should be considering a data classification solution and the main solutions available to choose from.
End User Education and Awareness:
Ever since God was a boy we have handled items differently when they have been marked in bold red letters with words such as “GLASS”, “HANDLE WITH CARE” or “FRAGILE”. In fact if you’ve ever moved house, items that aren’t marked with these key words normally get chucked in the back of the van with the rest.
Human interaction with data is no different. Items marked “Sensitive”, “Confidential” or “Top Secret” are statistically proven to be handled with much greater care. Engaging end users and raising their awareness that the data they are processing is of a sensitive nature plays a huge part in the implementation of a successful and robust security strategy.
Enhance Downstream Technology:
I use this phrase quite a lot when it comes to Data Classification but admittedly I hate it. I don’t know why, I think maybe because I am a techie it just sounds a bit fluffy to me. But what does it actually mean?
The way Data Classification works systematically is it injects metadata into your documents and emails. These metadata properties can then be read and interpreted by technologies such as DLP (Forcepoint, McAfee etc) to prevent critical information tagged as “sensitive” from leaving the organisation or being saved to removable media devices.
It can also be accessed by encryption tools such as PGP and Ionic to automatically encrypt data as it moves around the environment, internally and externally.
Then there are Data Governance/Forensics solutions such as Varonis, Stealthbits and other Access Control solutions who can see where the data is stored, who has access to it and who has been accessing it.
So by automatically injecting metadata into your documents and emails you can easily enforce your security policy and automatically apply a greater degree of business context to your data security processes by leveraging existing technologies.
That horrible word, come on… admit it, we all secretly hate it! Why do we hate it? because it means hard work right? Those annoying auditors come in and shake the tree giving security experts more work to do than they care to think about in their already stressed out daily routines. “Why are we fighting auditors when we should be fighting Cyber Criminals?”
Ok, enough now! They do serve an important purpose though. Auditors do a fantastic yet largely under appreciated job, they have our best interests as consumers at heart really. They are there to police and protect our privacy, ensuring organisations are doing all they can to keep our data safe by standardising processes and rooting out unscrupulous behaviour. They confirm that businesses have the correct mechanisms in place to ensure our information is not for sale on some dark web market stall like a piece of meat on a butchers slab in Leadenhall.
In any case with the introduction of a Data Classification solution and a robust policy compliance needn’t be such a dirty word. So, whether it’s GDPR, PCI, HIPAA or any other regulatory body, as discussed above, Data Classification can “enhance downstream technology” *shudder* by categorising your data into structured sets ordered by sensitivity. Thus making much simpler the process of identifying the types of information you want to protect the most.
What Classification Options are Available?
In my opinion there are 4 leading options you should be considering when it comes to classifying your data. They are as follows:
For lovers of all things Microsoft, following the acquisition of Secure Islands in early 2016, Microsoft are now a genuine leading contender in Data Classification and security as a whole. With the extra advantage of being able to truly integrate classification into their world leading Office 365 and a development team like no other these guys really know a thing or two.
Having said that the product does need to look beyond the Microsoft portfolio and into the world of a real life “end customer” where they more often than not tend to have “other stuff”. But when you take a development team on the scale of Microsoft with their financial clout, who would bet against them to turn things round soon and expand the reach of their toolset. The product has come on leaps and bounds already in the first year alone. The advances they have made are second to none but the product in its totality is not quite there yet.
In the world of Data Security there are mergers and buyouts every single day. For Watchful software things are no different following their recent acquisition by Symantec. Due to Watchful’s seamless integration with AD RMS this puts Symantec in direct competition with Microsoft, presenting an on premise RMS management option if you don’t want to entrust all your keys to Microsoft.
Watchful have had some deployment issues in their early days which is fairly normal in this space due to the amount of touch points these products have in your environment. But in more recent releases their product has been a lot more stable having won some global enterprise customers and with the new financial backing and development capabilities of Symantec, who would bet against this product becoming a genuine RMS alternative to Microsoft AIP.
Things are looking up for Watchful and how their offering integrates into the Symantec portfolio is something I will be watching closely as this will be key to their success.
Ever since Mr Boldon met Mr James these guys have been developing world leading security solutions, be it secure email solutions for the military or Data Classification tools for the commercial space.
Having been proven at enterprise level and coupled with a greater spread in terms of applications and client software that their suite can support Boldon James are amongst the leaders when it comes to Data Classification.
Supporting more versions of Microsoft applications and Microsoft operating systems than Microsoft themselves and with a large, skilled development team based in the UK, Boldon James having been coming on leaps and bounds since HANDD first engaged with them many years ago.
With Boldon James there is the flexibility to integrate with other security solutions such as; DLP (most notably and proven, Forcepoint & McAfee), Encryption & Secure Mail solutions (such as Ionic and PGP) and Data Governance/Discovery (Varonis and Stealthbits). Boldon James is flexible, proven scalability-wise for 100 users to over 300,000 users. This flexible integration with a much wider set of security solutions means you don’t need to lock yourself into one particular vendor. (Ahem. I’m looking at you Microsoft!)
Titus is a success story of longevity and are considered by many to be the world leaders in Data Classification. For their history alone they are probably the most experienced, skilled and proven product in this solution area, having been deployed more times than any other.
Titus provide similar Classification capabilities to Boldon James in terms of platforms supported, applications support and the wider data security ecosystem integration capabilities.
Titus have however had their issues in the past around providing a central Admin Console and there had previously been issues with a few quirky bugs, such as opening too many documents on a client machine. That said, they have delivered on their central Admin Console since version 4 and have deployed it to many customers around the world. They seem to have gotten over their buggy days of version 3 and are well on track to truly establishing themselves as the world leaders in Data Classification again.
When you add to the mix a large and ever increasing client base with some unrivalled and exciting newly launched components such as “Illuminate”, a product that can discover and classify your legacy data, you wouldn’t really bet against them sitting on top of the pile again in the not too distant future.
How Do We Do Classification?
This is where HANDD can add endless value to your organisation. When it comes to Data Classification projects, as truly independent experts HANDD are the leaders in Data Classification and experienced in selecting and delivering the right product to meet your business and technology requirements.
HANDD have been educating the market and working with organisations on Data Classification project delivery for nearly 10 years, much longer than anyone else. Over that time our unrivalled experience has built a wealth of knowledge that enables us to advise on the right solution for your organisation.
We have learnt what works as well as what doesn’t work. Our experience gives us an unrivalled knowledge that ensures we are best positioned to get your Data Classification project on track.
Not only selecting the right product, but choosing the right delivery partner is also essential to the successful implementation of a Data Classification solution. These tool sets go way beyond IT and reach out far across your entire business, it is vital that you engage the entire workforce during the process and work with a partner who understands this.
HANDD are independent Data Security specialists who have delivered Data Classification solutions to more than 500,000 end users in the last 12 months alone. We are experienced in deploying the 4 major players in Data Classification and are more aware of the pit falls that you can face as an organisation.
One of the key challenges to implementing a solution that has such a direct impact on the end user is their acceptance. Needless to say the more communication, education and engagement you do with them in the early stages of a deployment, the smoother the project will be in the long run.
If you have stayed with me and read this far, my question to you would actually be, why WOULDN’T you want Data Classification?
Written by Danny Maher
Danny Maher is Chief Technology Officer at HANDD Business Solutions, an independent specialist in global data security