Light Dark
January 19, 2016 By Kathryn Zeidenstein 2 min read
Data Protection

We’ve heard the phrase crown jewels a lot lately. We aren’t talking about royalty and alarmed glass enclosures, though. We’re talking about data classification — specifically, the most valuable data in the enterprise. This is the data that, if it falls into the wrong hands, could mean significant damage to a company, government, health care provider or educational institution.

Protect Critical Data

Organizations must prioritize the protection of crown jewels, but any organization worth its salt realizes that data classification will make abundantly clear that there are massive volumes of data that could still cause pain if lost, even though it might be a level or two below crown jewels. This pain could come financially, in terms of regulatory fines and paying for breach protection, and can cause terrible distress to an organization’s clients and customers, such as fraud resulting from stolen health care data or payment information.

The problem is that it can be hard to know such data exists and identify where it is. Even with a stringent governance and privacy policy, can you really say with confidence that there isn’t a team testing with production data or a new application that requires personally identifiable information to register?

It’s not really a strategy to say “if we don’t know it’s there, it doesn’t exist.” You might get lucky and auditors won’t find the violation, but there are those who are much more diligent in probing for your soft spots. That, of course, would be the relentless army of cybercriminals.

Learn more about securing the data that powers your business

The Steps to Classification

Of course, data breaches are part of the risk equation you calculate every day. You might have limited staff working on other high-priority tasks. But isn’t data discovery and classification partly the job of automation? Not always. Here are some considerations to keep in mind as you approach the data classification process:

  • Make a plan and use tools and automated processes to make the job easier. Don’t forget to look at structured data, files and documents.
  • Consider bringing in trusted services to help you create a plan and even do the initial classification work for you. They can also help you become self-sufficient moving forward by putting the correct automation in place.
  • Don’t forget to take the next step and protect valuable data using encryption, monitoring and rigorous authorization and authentication mechanisms. Monitor those entitlements, as well.
  • One more thing! Make sure the applications that access that data are not inadvertently opening the door using a very common attack method, SQL injection.

The important thing is to get started. You might be surprised what you find.

 |  |  |  | 
Kathryn Zeidenstein
Technology Evangelist and Community Advocate, IBM Security Guardium

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature