Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data Governance Could Help Close Data Classification Gap

Varonis Systems : 15 March, 2012  (Technical Article)
Varonis comments on the classification and management of data and how data governance can be used to solve this issue
Data Governance Could Help Close Data Classification Gap
Commenting on a report just released that says IT professionals in 25 per cent of firms claim a lack of understanding about how to classify and manage their data, Varonis Systems says this is a common problem in most major organizations and is compounded by the steadily increasing volumes of data that must be managed.

According to David Gibson, Director of Strategy with the data governance specialist, the results of the survey – which found there is limited or no understanding of the difference between sensitive information and other data at many of the firms – show that education on data governance issues now needs to extend well beyond IT security.

Managers and financial professionals, he says, need to understand that data governance is now a key requirement of most legal and regulatory issues in large organizations, many of whom are struggling to keep pace with the surge in data volumes, as well as the increasing demand for collaboration.

“The situation is compounded by the fact that around 80% of data held by major companies is unstructured. Our observations suggest that, in many major companies, fundamental controls for unstructured data protection are simply not being implemented or maintained, and without them they don’t know who is doing what, when and where with all that valuable data,” he said.

Gibson went on to say the Protiviti study found that, whilst 69 per cent of companies in the study believe they have a clear data classification policy for categorising data as sensitive, only 50 per cent actually have specific plans for classification. As the report concludes, he says, this suggests there is a possible gap when it comes to data management.

“Actually, I would go further than this. I would say that the results of this survey confirm our own observations that data management is fast becoming a number one concern in major enterprises,” he explained.

“The bottom line here is that a growing number of organizations have hit a wall in regards to traditional data leak prevention technologies. Without fundamental controls that can supply critical context about data usage and access controls, it’s very difficult to move a data classification project much past identifying a lot of files that contain specific patterns.”

Small wonder, then, that 27 per cent of the respondents in this survey had no – or were unaware of the existence of - a crisis plan for a hacking or data leakage incident,” he added.

The good news, adds Gibson, is that effective data governance and automation not only classifies sensitive data, it also quantifies risk by identifying exposed sensitive data, gets the right people involved by identifying data owners and  provides automated recommendations on steps to reduce risk.

“As many IT security professionals are discovering, there is no silver bullet when it comes to data classification and security. Effective data governance starts with – as this report says - improving the differentiation between `sensitive’ data and other information,” he said.

“As the report suggests, companies can significantly reduce their legal, regulatory and reputational risks by implementing appropriate data security policies and practices. Even with the explosive growth in corporate data, which we have tracked at around 650 per cent every five years, it is now perfectly possible to control your organisation’s data without lying awake at night worrying about it,” he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo