Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • How to Correctly Classify Your Data in 2022
  • Cyber Attacks
  • Data Breach
  • Malware

How to Correctly Classify Your Data in 2022

4 years ago Tripwire Guest Authors
How to Correctly Classify Your Data in 2022

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of items that are easier to address.

In this article, we’ll help you build a case for data classification and fill in some important knowledge gaps to ensure your approach is comprehensive. It will require resource investment – time, money, and staff, particularly – but will, in the long run, help organizations avoid costly mistakes.

What is Data Classification, and Why is it Important?

Data is the lifeblood of a modern organization. Your data is crucial for your business to thrive regardless of your industry or offering. As such, ensuring your data is secure and easily accessible to the right people is paramount.

At a basic level, data classification refers to organizing your data by categories to aid in accessing, using, leveraging, and securing it effectively. Proper classification makes your data easier to locate and retrieve when required. It is particularly relevant for risk management, compliance, and data security.

Data classification relies upon best practices for categorization using visual and metadata labels related to predefined criteria. Of course, you can’t classify what you don’t know. To start, you’ll need to focus on data discovery to assess the scope. Data lives in many places in today’s modern world, and it is all equally important. Ensure you’re looking at the endpoint, in databases, on network shares, and in the cloud.

Why is data classification important? Its need is driven by many factors, including governance, industry-specific regulatory requirements (such as HIPAA, GDPR, PCI, CCPA, and others), compliance, IP protection, or the simplification of your security strategy.

Why Data Classification is Foundational

Organizations generate massive amounts of data. Not only that but as cloud adoption and shifts in approaches to work (including hybrid and remote models) grow rapidly, the classification and protection of data take priority.

Recent reports found that over half of organizations have all their applicable infrastructure in the cloud, and nearly three-quarters of companies are hosting more than half of their workloads in the cloud. In 2021, cloud adoption – bolstered by the pandemic and shifts in ways of working – grew 25%.

In environments reliant upon cloud services, data is more available to end users and those who need it. Unfortunately, that also makes data more vulnerable to security threats. Well-designed data classification is vital to data security and governance, including data loss prevention (DLP), enterprise digital rights management (EDRM), and data access governance.

Bad actors target data for exploitation, including ransomware attacks. Phishing and ransomware attacks are a lucrative business, with damages expected to reach $20bln in 2022. With figures like that, it’s clear why organizations and security professionals are investing in data classification. In fact, a reported 72% of security decision-makers have their sights set on data classification implementation.

Data Classification Methods

When selecting a data classification, it is typically a matter of deciding which approach to start with. Each method offers insight into organizational data and can be combined to increase security and mitigate the risk of misclassification, whether unintentional or malicious.

Content-Based Classification inspects and interprets file data for sensitive information. This method includes regular expression and fingerprinting, answering the question, “What’s in this document?”

Context-Based Classification points to applications, locations, creators, or other variables that indicate sensitive information. This approach answers the questions, “How is this data being used?”, “Who is accessing it?”, “Where is this data being moved or transferred?” and “When is the data being accessed?”

User-Driven Classification relies upon end-user or otherwise manual selection based on user knowledge and discretion at the point of creation, editing, or review to identify sensitive data and documents. This method requires a well-defined workflow.

Gartner recommends that organizations use a collaborative approach to combine the above methods. Chief Data Officers (CDOs) should collaboratively define and use classification capabilities to identify, tag, and store all data. A combination of user-driven and automated classification will ensure coverage and reliability.

How to Implement Data Classification in Your Business

As you may imagine, a successful data classification strategy will affect – and rely upon – employees across your organization. Key players include:

CIO & CISO are responsible for all data protection and technical responsibility. It is crucial for both individuals to understand the sensitive data landscape.

Business User Leadership members will understand that data classification increases the visibility and protection of customer and product development data.

Data Creators and End Users should be highly aware of the need to protect data, including the risks and ramifications of data leaks.

Legal and Compliance players are particularly concerned with risks and should be kept abreast of the scope of sensitive data and measures to protect it.

Getting users involved early will support organizational success in data classification, particularly as it affects individuals’ workflow.

Define and Implement Your Policy

As mentioned above, developing and implementing a data classification policy can initially feel overwhelming. Thankfully, the entire process can be broken down into steps to help you (and your organization) see it as a manageable endeavor. The overlying theme to getting started is: start simply. That doesn’t mean simply “start,” but rather start with a simple approach and build from there.

The Digital Guardian (DG) Data Classification & Protection approach offers a data-centric plan comprised of a four-step framework:

Through the DG Data Protection Plan, organizations can protect their valuable data pool from threats (both internal and outsider) by leveraging integration built-in automation while limiting false positives and false negatives.

Combining data discovery and classification, policies, and enforcement, Digital Guardian offers a comprehensive approach to content-, user-, and context-driven data protection.


Stephanie-ShankAbout the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post ” How to Correctly Classify Your Data in 2022″ appeared first on TripWire

Source:TripWire – Tripwire Guest Authors

Tags: Cloud, Compliance, Encryption, Finance, High Severity, Malware, Medium Severity, Phishing, Ransomware, TripWire

Continue Reading

Previous The ClubCISO report reveals a fundamental shift in security culture
Next High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

More Stories

  • Cyber Attacks
  • Data Breach

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

6 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

7 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

10 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

12 hours ago [email protected] (The Hacker News)
  • Data Breach
  • Vulnerabilities

Identity Lifecycle Management Wasn’t Built for AI Agents 

14 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

16 hours ago [email protected] (The Hacker News)

Recent Posts

  • Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
  • Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
  • ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
  • ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
  • Identity Lifecycle Management Wasn’t Built for AI Agents 

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT