Boldon James. The User-Driven Approach: 3 Main Benefits
We’ve seen the introduction to user-driven security, and the three main steps to implementing a user-driven approach to security. The last instalment of this three part series covers the three main benefits to your organisation:
1. Reduces Risk of Losing Sensitive Information
If you know where your sensitive data is, you can control: how it’s protected, where it’s stored and who can access it. As such, the risk of losing sensitive data is massively reduced. Additionally, if you have a policy of, for example, encrypting ‘top secret’ data, it mitigates the damage that can be caused even if the data did end up in the wrong hands.
2. Increases Productivity
Put simply, if users understand the value of the data, they will be able to make quicker and more confident decisions on how to handle it. Equally, in part 2 of this blog series I mentioned DLP tools. These tools are designed, as the name would suggest, to prevent the loss of sensitive data. In practice, what tends to happen is one of two things: 1) the rules are too relaxed, which causes problems with security, or 2) the rules are too strict and block activity from happening, which causes problems with productivity. Allowing DLP tools to read the metadata tags helps to overcome both of these problems.
3. Streamlines the detection and remediation processes involved in a cyber-attack
There are some great tools available that quickly identify data/cyber-attacks and help to remediate them. These tools tend to be driven by algorithms that read log/network information to identify anomalous behaviour, and one of the most important components of these algorithms is context. The metadata tags provided by data classification provide incredibly important context for these tools that impacts the way in which attacks are responded to. To elaborate on this, imagine a cyber-attack has occurred and data has been lost. Wouldn’t it be great if you could also identify, amongst other things, how sensitive the data was and what protection had been applied to it? It would certainly make a conversation with the ICO a lot easier if you could confirm that no data containing personal information had been lost, for example.
Next Steps
Download our fact sheet on business-centric data classification to discover how you can wrap a protective governance shield around your data throughout its lifecycle, blending together best practices in user-driven and automated classification techniques to meet the unique needs of your business today and tomorrow.