NIST Privacy Framework : Our Essential Data Protection Guide


‘Tis the Season for Better Data Governance – Start with Data Discovery and Classification

(by Todd Feinman, Spirion Co-Founder and Chief Strategy Officer)

Data Discovery and Classification

The holiday season is typically when data breaches often occur. We’ve seen significant news stories about breaches at Starwood Hotels and Quora. Around the holidays in 2017, it was announced that there was a significant privacy leak at eBay affecting many customers. And, it was just before the holidays in 2013 that Target announced the infamous breach impacting more than a hundred million people.

The list goes on, and with each incident everyone is always asking the same question — Could this have been prevented and how?

Every large brand is acutely aware that securing its data is of foremost importance in today’s world, and that by protecting data you are protecting the brand’s equity. That should be obvious after what we see in the news, however, it’s not always so straightforward. According to the Ponemon analyst report, The Importance of DLP in Cybersecurity Defense, many organizations still believe, “it’s probably not going to happen to me.” The first step toward fortifying one of the company’s most valuable assets — customer or employee data — is to get to know the data better.

While breaches may be inevitable, data leaks are avoidable, and steps can be taken to prepare and strengthen a brand’s crucial security efforts. To “know your data,” means to have a good understanding of where sensitive data is located through data classification. Without this important foundation, organizations cannot know what to protect, where it is, who can access it, when it was created and so on.

What exactly makes data sensitive? Here’s a simple definition: if accessed by an adversary, would create liability. Information of any type can become sensitive data; it’s not just social security numbers and financial information. It’s safe to say that any sizeable company today has considerable sensitive data — and much more than they realize. However, it is unlikely they understand exactly where that data lives throughout their infrastructure and the many ways it could be accessed or compromised.

All of this seems pretty important; however, data and privacy concerns often must get in line behind other pressing priorities for brands such as sales, marketing, expansion, and product expenses. If top leaders have the mindset that “it’s probably not going to happen to us,” then they are likely to shuffle data classification lower in the stack than it should be. Simply put, most organizations are not spending nearly enough time or money protecting their sensitive data.

Problems with Sensitive Data

Sensitive data can pose issues for companies, of those issues there are three that seem to be the stem of most problems. The first issue that arises is how to identify the data and how to locate it within the company database, or sensitive data discovery. With companies having filed and folders filled with documents that are stored within a database or a server locating information can become difficult. Once the data has been found you need to understand how the business will use it and how to protect it in correlation with policies and privacy laws. Finally, you need to be able to observe the risks and assess the risks in association with the trends in how sensitive data is being used against the consumer. If you can do these three things, it gets you on the right path to classifying the data and protecting it.

By taking the first steps, discovery and classification, big brands can create a solid action plan to monitor sensitive data and minimize risks for the future. Once this foundation is in place, you can reduce your sensitive data footprint, give proper access, monitor how data moves and use automated workflows and notifications as best practices to keep your security program strong.

So, to answer the looming question — can breach be prevented and how? The answer is … yes. As I said, breaches cannot be 100 percent preventable, but there are a lot of ways to be proactive and knowing your data is more than half the battle.

Don’t wait for regulations or a data breach to expose your sensitive data before taking action. Practicing good data governance is easier than you think. By knowing your risk exposure, you are halfway there.

Classification Benefits:

  • Users can control the data and take ownership of it.
  • Classification can help make business practices more efficient.
  • It aids in the ability to comply with rules, regulations, and privacy laws. All of this helps to protect the company’s well-being.
  • Classification helps to show expertise and support in the implementation of programs that help ensure data privacy compliance.
  • Awareness in data classification is vital, having a classification protocol in place helps make everyone in the company aware of the protocols aiding in data protection against potential threats and breaches.

While it may be the season for data breaches, unfortunately, and more importantly, ‘tis the season’ to be proactive. May these recent disheartening examples in the news spur brands to act today and take action to protect sensitive data and avoid the far-reaching negative impacts of high-profile data breaches.

At Sprion we understand that security and compliance go hand in hand when looking to protect various types of information from data leakage. Compliance requirements are constantly evolving with the evolution of technology and the trend of hacking. Credit card numbers are one of the most common types of data that are stolen and used without consent. Data stored within a company server can be difficult to discover and classify, but we are here to help. Contact us today to see how we can assist you to protect data that needs to be kept safe.