Virtually everyone has seen a bevy of news articles come to light in recent years shedding light on various major data privacy and security breaches – Edward Snowden and the National Security Agency being the most prominent and most hotly debated example. While these breaches can be tremendously damaging for organizations and often those whose personal data is compromised, many of these stories shine a light on another prevalent fact: Insiders continue to cause more data breaches, on average, than anyone else.
There is a vast dichotomy between business realities and privacy needs today. Everyone is a content contributor who is expected to collaborate more, produce faster, and innovate in order to drive business initiatives. In order to have a holistic and effective data privacy and data security program, you must understand that there simply is no such thing as perfect security. Instead, you must adopt a risk-based approach to implementing your data protection program. While that often starts with the legal and compliance team and ends with the CISO, it needs to focus also on a day in the life of your everyday business user.
The Need for Data Discovery and Classification
This type of program is a tremendous task, but also a tremendous opportunity for security and privacy professionals to help enable the rest of the organization to collaborate, contribute, and innovate in ways that are safe for not only the organization but also customers, partners, and external vendors who provide sensitive information through business or agency transactions. Essentially, you must ensure that information is available to those who should have access to it, but protected from those who should not. Best practices for security have traditionally focused on “building walls” around the perimeter to “keep people out” and “keep information in.” However, the challenge with this approach is that, as you build a ten foot wall, your opponent brings an eleven foot ladder. Thus you are always in a defensive mode, looking to outwit an enemy. By understanding what data exists in your information systems as well as classifying and taking action on sensitive as well as stale or redundant content, you add another layer to your security program that not only proactively protects the organization but makes employees more productive with access to relevant data they can actually use.
As organizations think about this dark data and, in particular, information about their customers as an unrealized asset, much of that data may be lost in data silos, file shares, or instant message services or inappropriately shared through social technologies, undiscoverable and unprotected. So what can be seen as a risk may also be viewed as an asset when accessed and protected appropriately. Data tagging and classification allow an organization to gain better insight into and control of the data that they hold and share. Metatags also allow organizations to optimize their e-discovery and record retention programs and at the same time protect and control the flow of information.
Implement an Advanced Risk Framework with AvePoint
From July 22-24, as an exhibitor at the RSA Conference Asia Pacific & Japan in Singapore, AvePoint will be focusing on the four pillars of our advanced risk management framework, introducing best practices to operationalize a data privacy and security program through:
- Assessment
- Validation
- Controls
- Monitoring
This privacy framework allows organizations to implement operational policies based on real business practices, and to implement validation, controls, and transparent reporting for their auditors and regulators. We will be featuring our risk impact assessment system, Data Loss Prevention (DLP) system, and our new AvePoint File Analysis Solutions – which empowers organizations to understand and control data on their file share systems.
If you’re in Singapore for RSA Conference this week, I encourage you to stop by booth E18 to meet with our team and learn about our latest solutions to support and strengthen the information security and data privacy programs at your organizations.
