7 Data Classification Tips
Make data classification a part of your total security program.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltb72afff3163ab811/64f0ddda1a256b3467a3514b/DataClassificationCoverArt.png?width=700&auto=webp&quality=80&disable=upscale)
Businesses spend millions of dollars on security technology such as firewalls, sandboxes and endpoint tools, but so many of the breaches have to do with poor policy enforcement and human error.
Greg Hoffer, vice president of engineering at Globalscape, adds that while his company offers secure file transfer software, companies really need to think about how data classification tools can help them find out how much PII they have in storage and set policies surrounding that data.
Todd Feinman, CEO of Identify Finder, an automated data classification company, adds that so often he and his team go into companies and the management has no idea how much data they have and how much of that data has PII or other sensitive information.
“So many IT managers tell me they simply have no idea,” Feinman says. “What I tell them is that they have to ‘know’ their data before they can try to protect it.”
Data classification tools can help companies get answers to these questions and help them set policies and train their employees so they can reduce their exposure to data leaking because of inconsistent policies and human error. In interviews with Hoffer and Feinman about data classification, Dark Reading developed seven tips for security managers to consider.
Asking the basic journalistic questions is a good place to start. Ask the following questions and then set policies around each issue:
Who is allowed to have access to classified data?
What needs to be protected? A pharmaceutical company will want to focus on intellectual property, while a bank will focus on financial transactions.
When, or how long will the company retain records? Will it be for 30 days, six months or up to seven years?
Where will the classified data be stored? On-prem or in the cloud?
Why does the company want to keep the data? Any stored data is a liability, so be careful what you plan to keep in storage.
By asking these questions, the company will start getting a handle on its data issues. The goal is to shrink the amount of data the company stores, reducing liability as well as the potential that data will leak out of the company because it has not set usage policies.
Businesses spend millions of dollars on security technology such as firewalls, sandboxes and endpoint tools, but so many of the breaches have to do with poor policy enforcement and human error.
Greg Hoffer, vice president of engineering at Globalscape, adds that while his company offers secure file transfer software, companies really need to think about how data classification tools can help them find out how much PII they have in storage and set policies surrounding that data.
Todd Feinman, CEO of Identify Finder, an automated data classification company, adds that so often he and his team go into companies and the management has no idea how much data they have and how much of that data has PII or other sensitive information.
“So many IT managers tell me they simply have no idea,” Feinman says. “What I tell them is that they have to ‘know’ their data before they can try to protect it.”
Data classification tools can help companies get answers to these questions and help them set policies and train their employees so they can reduce their exposure to data leaking because of inconsistent policies and human error. In interviews with Hoffer and Feinman about data classification, Dark Reading developed seven tips for security managers to consider.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024