Research shows data classification a top security control
The report, which covers a broad range of data security topics, is based on a survey of 200 organisations in a range of industries in the UK and the US, all of whom have more than 1,000 employees. Senior IT Security executives answered an in-depth questionnaire regarding data security in their organisations.
The survey found that more than half (54%) of organisations identified data security as a serious or critical concern and many report that their concerns are increasing. Findings also indicate that data classification is one of the critical tools for securing data, ranking in the top three most important security controls for organisations across a variety of industries. The importance of data classification as a key part of a layered security approach is further underlined by the fact that 52% of organisations surveyed already use some form of data classification tools, with a bias towards US companies.
Principal Analyst at Bloor Research, Fran Howarth said: “Effective information governance is essential for data security and needs to be implemented across the entire lifecycle of information. Data classification policies and tools allow all data to be classified according to its sensitivity and criticality to the organisation. Such policies and tools need to be extended to all systems and devices, including mobile devices, the use of which is growing rapidly.”
Martin Sugden, Managing Director of Boldon James said: “Data classification is being seen as more and more critical to organisations as it improves the performance and return on investment of other security technologies such as DLP and rights management. It’s encouraging to see that one of the top drivers for implementing data classification projects is to follow best practice as a primary way to increase user awareness of data security. In terms of user awareness, data classification helps to ensure employees are more aware of the type of information they are dealing with and its value, as well as their obligations in protecting it to prevent data loss.”
Fran Howarth added: “Although malicious data breaches may be of greater concern to respondents, organisations should be aware that insider threats – whether malicious or accidental – can be the most damaging since those internal to the organisation have access to the most sensitive information, particularly when they have high levels of privileged access.”
Today’s threat landscape is increasingly complex and sophisticated and the number of security incidents that organisations face will only grow. In order for organisations to safeguard themselves from potential brand and reputational damage and fines, they need to implement effective information governance strategies, incorporating data classification policies and tools to protect information throughout its lifecycle and ensure they are enforced.
