Wednesday, May 8, 2024
HomeProtectData Discovery and Classification at RSA Conference Asia Pacific & Japan #RSAC

Data Discovery and Classification at RSA Conference Asia Pacific & Japan #RSAC

Virtually everyone has seen a bevy of news articles come to light in recent years shedding light on various major data privacy and security breaches – Edward Snowden and the National Security Agency being the most prominent and most hotly debated example. While these breaches can be tremendously damaging for organizations and often those whose personal data is compromised, many of these stories shine a light on another prevalent fact: Insiders continue to cause more data breaches, on average, than anyone else.

There is a vast dichotomy between business realities and privacy needs today. Everyone is a content contributor who is expected to collaborate more, produce faster, and innovate in order to drive business initiatives. In order to have a holistic and effective data privacy and data security program, you must understand that there simply is no such thing as perfect security. Instead, you must adopt a risk-based approach to implementing your data protection program. While that often starts with the legal and compliance team and ends with the CISO, it needs to focus also on a day in the life of your everyday business user.

The Need for Data Discovery and Classification

This type of program is a tremendous task, but also a tremendous opportunity for security and privacy professionals to help enable the rest of the organization to collaborate, contribute, and innovate in ways that are safe for not only the organization but also customers, partners, and external vendors who provide sensitive information through business or agency transactions. Essentially, you must ensure that information is available to those who should have access to it, but protected from those who should not. Best practices for security have traditionally focused on “building walls” around the perimeter to “keep people out” and “keep information in.” However, the challenge with this approach is that, as you build a ten foot wall, your opponent brings an eleven foot ladder. Thus you are always in a defensive mode, looking to outwit an enemy. By understanding what data exists in your information systems as well as classifying and taking action on sensitive as well as stale or redundant content, you add another layer to your security program that not only proactively protects the organization but makes employees more productive with access to relevant data they can actually use.

As organizations think about this dark data and, in particular, information about their customers as an unrealized asset, much of that data may be lost in data silos, file shares, or instant message services or inappropriately shared through social technologies, undiscoverable and unprotected. So what can be seen as a risk may also be viewed as an asset when accessed and protected appropriately. Data tagging and classification allow an organization to gain better insight into and control of the data that they hold and share. Metatags also allow organizations to optimize their e-discovery and record retention programs and at the same time protect and control the flow of information.

Implement an Advanced Risk Framework with AvePoint

From July 22-24, as an exhibitor at the RSA Conference Asia Pacific & Japan in Singapore, AvePoint will be focusing on the four pillars of our advanced risk management framework, introducing best practices to operationalize a data privacy and security program through:

  • Assessment
  • Validation
  • Controls
  • Monitoring

This privacy framework allows organizations to implement operational policies based on real business practices, and to implement validation, controls, and transparent reporting for their auditors and regulators. We will be featuring our risk impact assessment system, Data Loss Prevention (DLP) system, and our new AvePoint File Analysis Solutions – which empowers organizations to understand and control data on their file share systems.

If you’re in Singapore for RSA Conference this week, I encourage you to stop by booth E18 to meet with our team and learn about our latest solutions to support and strengthen the information security and data privacy programs at your organizations.

Dana S.
Dana S.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More Stories