ARE YOU OPTIMIZING YOUR CLASSIFICATION STRATEGY?
HOW TO AUTOMATE PROTECTION OF CLASSIFIED DATA
SEALPATH INTEGRATION WITH DATA CLASSIFICATION SOLUTIONS
More and more documentation in digital format is managed and stored in organizations on file servers, document managers, user equipment and devices, etc. A large part of this documentation is critical and may include, depending on the sector, intellectual property, personal data of customers, partners, employees, or financial information such as credit card data.
The more information we store, the higher the risk of not keeping it under control and that critical information or subject to data protection regulations is leaked and potentially causing a serious data loss incident. The risk also rises by increasing the number of locations where we can have it (servers, mobiles, laptops, etc.) and by using more and more means of communication (Email, cloud sharing systems, file transfers, collaborative tools such as Slack, Microsoft Teams, etc.).
HOW HELP YOU A DATA CLASSIFICATION SOLUTION?
One of the objectives of information classification solutions is to identify the business value in structured data at the time of content creation, or once it is stored. It allows to separate the information that is public or less relevant for the business from the sensitive information whose filtration or loss can cause problems to the documentation.
Data Classification solutions divide information into pre-defined groups or categories that share a common risk. These groups must have security controls and associated restrictions. The more sensitive and valuable the business documentation, the more restrictions or controls. Classification tools can promote a culture of protection that makes users more aware of the level of sensitivity of the data they manage (putting visual marks indicating that what is managed is Confidential, Internal Use, etc.).
STEPS IN AN INFORMATION CLASSIFICATION STRATEGY
A data classification strategy defines the following steps, among others:
- Establish classification levels for company information: Among the most commonly used are, for example, the following: Public, Internal Use, Confidential and Restricted or Top Secret. Subcategories can also be created: Financial Data, Personal Data, etc.
- Find out where the organization’s sensitive data is: This is where “Data Discovery” or DLP tools can come into play identifying where you are storing documents with certain contents (Keywords, financial data, etc.).
- Classify the data: It can be done through manual tools, making users classify the data, or automatic tools more prone to false positives (for example, a DLP).
HOW DOES A DATA CLASSIFICATION SOLUTION WORK?
The data classification tools modify the metadata of Office files, PDFs, etc. to label them with a certain level of classification (Confidential, etc.). Through plugins in Office, Outlook, these metadata are used to show users visually the level of classification that has been applied to a given document.
IS IT REALLY EFFECTIVE TO ONLY CLASSIFY DATA?
Data Classification solutions are a means to finally achieve a goal: Avoid or minimize information leakage. The means is labelling to make the user more aware of the importance of the data they are managing, but the end is lost if control and protection mechanisms are not included to prevent these previously classified data from being lost.
An information classification tool alone does not protect the information, nor does it control access to it when the information managed is sensitive. They require IRM (Information Rights Management) / E-DRM (Enterprise Digital Rights Management) como SealPath or DLP (Data Loss Prevention) in order to really prevent or minimise the loss of sensitive information.
We can spend years classifying sensitive information and have it properly catalogued, or use data Discovery tools to tell us what type of data we have in the organization or in which repositories we have financial data, personal data, etc… We can invest in complex processes to determine how to classify certain information based on risk, but all these efforts will be halved if there is not an effective information protection strategy through IRM or DLP solutions.
HOW DOES SEALPATH INTEGRATE WITH DATA CLASSIFICATION SOLUTIONS?
As stated above, when a user classifies a document through a data classification solution, it modifies the metadata of the file to save the selected classification level. This is true for both manual classification solutions and DLP-based automatic classification solutions.
SealPath is able to access file metadata and interpret the classification level. This is true for both documents accessed by users and documents stored on file servers, or document managers.
The SealPath administrator through SealPath Metadata Classifier Manager allows you to join SealPath protection policies with classification tags. In this way, you can, for example, assign the “Internal Use” tag a SealPath protection policy where only internal domain users have access with permission to view and edit the documentation.
Once the SealPath classification label and protection policy are linked, files classified with these labels are automatically protected in the following situations:
- When a user classifies the document, for example, with the “Internal Use” tag, the document is protected at the time of SealPath’s closing with the protection policy assigned by the administrator. The user only needs to classify the document and SealPath automatically performs protection for it.
When SealPath for File Servers monitors certain folders on a file server, or on a user machine, if a document labeled “Internal Use” is detected, it is automatically protected. In this case we must have configured SealPath for File Servers to protect on the basis of classification levels and not on the basis of a specific protection policy.
WHAT ARE THE BENEFITS OF THIS PROCESS?
SealPath provides the following advantages for those organizations that have invested or are investing efforts to have information properly catalogued:
- Comply with the ultimate goal of a classification strategy, protecting data to minimize information loss as we may apply restrictive security controls on particularly sensitive types of information.
- Automate protection based on the classification level without the user having to intervene to protect the document. The user only needs to classify the document.
- Make the most of the classification solutions not only manual, where the user is the one who classifies the documentation, but automatic where for example a DLP labels the documentation with a certain level in the process of “discovery of sensitive information”.
- Allow the most sensitive documentation to travel with persistent protection that accompanies it wherever it travels even when it has left the perimeter of the company. The DLP may also apply rules to prevent confidential information from leaving, but if we don’t want to manage complex rules in the DLP that are prone to false positives, we will always know that once the information is protected by SealPath it will be under the control of the company.
- Track the use of sensitive information wherever you travel: Know who accessed it, if someone tried to access it without permission, and so on.
- Revoke access to the document to certain people internal or external to the organization when needed and in real time. The file can still be classified in the same way, but we can decide in real time who can access and who cannot.
- Manage the protection of large volumes of information on file servers that have previously been classified either manually or automatically. SealPath for File Servers, will go through these repositories and will protect the files in case the level of sensitivity of the information is high.
INTEGRATION WITH ANY MANUAL OR AUTOMATIC DATA CLASSIFICATION SOLUTION
SealPath has an “agnostic” approach with existing data classification tools in the market and can be integrated with Boldon James, Titus, Microsoft AIP, Tukan IT, Janus, etc. etc. Although it works with some of them using APIs, being able to interpret the metadata of the files can automatically protect information classified by these tools.
It also allows integration with automatic data classification solutions that work with file metadata such as McAfee DLP. Also with other DLPs such as ForcePoint or Symantec that, although they do not modify the metadata of the files, they do allow remediation actions based on a violation of a security policy (e.g. detect credit card data in certain documents).
In short, with a metadata-driven protection strategy, SealPath enables easy integration with any classification tool, effectively preventing organizations from leaking sensitive data.
If you have classified information or certain metadata that you want to protect, SealPath is the perfect solution for restricting access to sensitive data in a controlled way.
With SealPath, you can apply effective data controls to minimize information leaks both inside and outside the organization.