The Data Lifecycle

The reality is that you could be spending as much on securing the lunch menu as you are on protecting your customer’s data – Chris Farrelly, General Manager at HANDD.

From the moment of creation, your data sets sail on a journey. The second it sets sail, it becomes a liability. It costs you money in storage, and poses a risk if it falls into the wrong hands. With a thorough understanding of the lifecycle of your data, you have the power to effectively manage your data, minimising risk and reducing cost.

Where Classification plays its part

Modern Data Classification solutions enable the automation of many data management tasks and enhance the performance of third party solutions that read metadata applied during the classification process. This metadata can determine how a piece of data should be treated through each stage of its lifecycle.

Data classification can really ease the load when it comes to handling your data, but it can also enhance the security of your data, and improve your compliance.

The journey of your data

Data creation

Data enters organisations in a number of different ways. It could be supplied by a customer, acquired during a merger, or gathered through a research project.

Data Classification requires users to classify data at the point of its creation to determine how this data should be treated throughout its life. Once classifications have been selected, they are added to files in the form of metadata, and visual cues that remind users of their classification status.

Data classification software can make classification quick and easy with classification toolbars sitting seamlessly within regular software such as Word and Outlook.

Storage and legacy data

35% of IT professionals are kept awake at night by how to store their data securely. (HANDD survey 2017 )

With so many data storage options, it can be difficult to decide which way to go.

Then when you’ve decided where each particular type of data should be stored, how do you ensure everyone follows this policy?

Data classification makes these processes simpler, taking the onus away from users. Once your data has been tagged, your company’s policies around where to store different types of data can be automatically applied, triggering any other downstream protection that should be engaged to protect that particular data file.

So while the office Christmas party memo will be sent for storage in the Cloud, the blueprints for your latest ground-breaking product will be automatically sent for encryption before being stored in your highly secure private server.

And, with more of us switching to Cloud storage, your data classification solution can take the headache out of ensuring your sensitive data is handled correctly in a migration project.

Data access

One of the best ways to protect data is to ensure it’s only accessible by those with the correct permissions. Data management systems screen access to classified data, only permitting access to those with the correct authority.

Identity and Access Management (IAM) solutions can be used to understand the roles and responsibilities of each individual within an organisation. Organising individual user permissions en-masse and using a secure area controlled by logins, it can ensure the right users have the right access to your data. So, your VP can wade through financials whilst your sales assistant is limited to seeing data for their own territory only.

Meanwhile, UEBA (User & Entity Behaviour Analytics solutions) will ensure that any unusual user or entity activity is spotted early, preventing user-driven data loss.

Sharing and collaboration

Security enhancement with data classification goes beyond who can access your data. It extends to how it’s shared, who can share it, and how long it’s accessible for. Particular classifications can be set to trigger downstream protection solutions to ensure your documents are only shared with those with permissions to receive them.

But what about protecting data on the move? The use of MFT alone to securely send data around the world can leave you with a security blind-spot. Whilst you know your data is secure as it moves to the recipient, should your recipient be receiving it?

Classifying data enhances your Managed File Transfer solution, eliminating that blind spot. Using data classification tags, your MFT solution can check the permissions of the recipient with your Data Loss Protection software. Then, if permitted, it’ll send it on, encrypting it en-route using MFT if required and leaving a comprehensive audit trail in its wake. Meanwhile, those documents heading for an unauthorised destination will be stopped in their tracks.

Data being sent somewhere by man behind a desk with a map on the wall (like an incident control room) to another man with MFT as his name card on his desk. MFT picks up the red phone and dials DLP to check if data can be sent. DLP confirms. IRM confirms, DLP shakes his head, MFT guy pushes big red stop button.

Archiving and removal

85% of data we store is redundant, obsolete or trivial. Source: Veritas (Source only for reference, not inclusion. https://www.veritas.com/news-releases/2016-03-15-veritas-global-databerg-report-finds-85-percent-of-stored-data)

The trouble is, manually retrieving obsolete data and deleting it is more labour intensive than storing it. However, storing data costs money and isn’t always secure.

As data volumes continue to increase, the storage and ongoing management of obsolete data becomes increasingly costly and more burdensome to manage. File retrieval can become like looking for a needle in a haystack, taking up more and more of your precious man-hours.

Data classification enables files to be time stamped to facilitate deletion after they’ve been held for the requisite length of time. Other metadata can be used to help us determine obsolete data that can be removed to ensure that zombie data doesnn’t perpetuate, putting your data security at risk.

Deployments

We secure the entire journey of your data, from consultancy and technical design, right through to installation, training and support.

Challenge: Controlling data with vast user access

With over 4000 end users, an Insurance industry client came to HANDD for help. They needed to ensure policy details couldn’t be sent to unauthorised external parties by email. Using data classification, we identified and classified new documents containing policy numbers. Then we integrated the classification platform with the client’s Symantec DLP solution, enabling DLP to work more efficiently to ensure sensitive content only travels to cleared recipients.

Challenge: Managing compliance with large volumes of legacy data

With billions of records to sift through and strict compliance mandates, a global bank needed to get control over their legacy data. First, using a discovery tool HANDD helped them identify their sensitive data and discover where it was stored. Then, we labelled their data using Data Classification. This enabled them to apply protective measures efficiently to their most sensitive files for the first time.

Challenge: Ad-hoc application of protective measures

Staff typing SECURE into email subject lines to trigger downstream protection of sensitive data left plenty of scope for error. At this leading financial services organisation classification was inconsistent and ad-hoc. Security of delivery was unreliable. They contacted HANDD for help improving their classification processes. We implemented a Data Classification solution that would automatically classify emails. Integrating with a message gateway it prevents data falling into the wrong hands.

Challenge: Controlling data with vast user access

With over 4000 end users, an Insurance industry client came to HANDD for help. They needed to ensure policy details couldn’t be sent to unauthorised external parties by email. Using data classification, we identified and classified new documents containing policy numbers. Then we integrated the classification platform with the client’s Symantec DLP solution, enabling DLP to work more efficiently to ensure sensitive content only travels to cleared recipients.

With billions of records to sift through and strict compliance mandates, a global bank needed to get control over their legacy data. First, using a discovery tool HANDD helped them identify their sensitive data and discover where it was stored. Then, we labelled their data using Data Classification. This enabled them to apply protective measures efficiently to their most sensitive files for the first time.

Staff typing SECURE into email subject lines to trigger downstream protection of sensitive data left plenty of scope for error. At this leading financial services organisation classification was inconsistent and ad-hoc. Security of delivery was unreliable. They contacted HANDD for help improving their classification processes. We implemented a Data Classification solution that would automatically classify emails. Integrating with a message gateway it prevents data falling into the wrong hands.

Securing the Journey of Your Data
A Free Advisory Paper

Download

Get In Touch

Please fill in the form and our staff will get in touch