Simple ~ Secure ~ Blog

Data Classifications - What are yours?

Data Classification

The Security Manager's Journal in the August issue of Computer Magazine got it right.   The days are gone where companies can protect all their data.  For those of us providing information/cybersecurity services this trend has been building for many years now.  What drives this point home further is Gartner prediction (see press release) that by 2017, half of employers will require employees to supply their own devices for work purposes.

What is your companies data classification policy? If its has not been updated in the past two years then you may have an unrealistic one in place today.  In the Journal's 'Data Classes Meet Real World' article, the particular company's mentioned experienced the limits of their existing classification policy.  For example, they had information that was classified as restricted and in doing so, made it more difficult for company employees to access the information from their mobile devices.  In other words, those devices had to be first connected via a virtual private network; an overly cumbersome burden.

This of course leads to the classic struggle between the business and IT.  Specifically, where IT's security department staff responsible for securing information are pressured to adopt an easier (simply) approach for accessing data. Often, this leads to compromise of a companies existing defense in depth security controls.  So what's the answer?  There is no panacea here but while advances in technology compound this problem, coupling the right technologies together can also solve these issues.

A Simple Secure IT approach can help you if your goal is to have the right balance between data access and security.  For example, many companies already understand that it makes sense to separate company and personal data on their mobile devices.  This is why we now see products from Airwatch and MobileIron on the market today.

But there are other technology solutions out there that can help simplify your approach when deciding which data classifications to use.  Companies such as InstantSecurityPolicy.com which uses a wizard to ask questions and then determines your security policy needs and generates the subsequent policy to meet those needs.

Of course the overall key is using common sense and having the expertise that understands how the business strategy and needs can be aligned with a Simple Secure IT approach.  At Simple Secure IT, a common sense approach based on the four cornerstones of success (Leadership, Vision, Innovation and Persistence) is used to help companies who struggle or just would like to revisit their data classification policy.  Let Simple Secure IT help you Keep IT Simple, Make IT Secure so you can Use IT Everywhere.