By Tim Upton, CEO, TITUS
Recent multi-million-dollar cyber heists provide the latest reminder that financial institutions are under constant threat. The data in their vaults is some of the most sought-after in the world. That’s a critical vulnerability that must be addressed for a market that Lucintel estimates will be worth $163,058 billion in 2017.
Data classification helps to address this vulnerability. It enables your institution to discover, identify, protect and analyze your data. Properly classifying information not only creates efficiencies that save time and effort but increases the safety of company and customer data. As you evaluate different data classification solutions, this checklist of questions will help you determine which one will work best for your institution. It is divided into two topic areas: classification features and deployment and infrastructure.
- It is possible to automatically classify files as soon as they are created, moved, downloaded or modified? In addition to enabling users to classify data, the solution should monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.
- Can I require users to classify email and documents based on policy? In addition to automated classification, does the solution offer both optional and forced user-driven classification? It should be possible to prompt the user to classify or confirm an automated classification under certain conditions (such as when attaching documents to email).
- Can I enable classification and protection on mobile devices? As more and more business is performed from smart phones and tablets, it is vital that data created, stored and sent from mobile devices is classified and protected, as it would be from the desktop.
- Is it possible to discover and classify sensitive data in network and cloud repositories? Strengthen your data classification solution with data discovery. Choose a solution that combines data discovery with data classification, so you know what data you have, where it resides and who has access.
- Does your solution allow the capture of additional metadata information beyond two levels of classification? Rather than being constrained to only one or two levels of classification, future-proof your classification project with support for unlimited metadata values. This extra metadata can be used to support additional use cases such as retention management.
Infrastructure and Deployment
- Do you offer deployment options that meet my requirements, including support for on-premises and hybrid cloud environments? Rather than being forced into a vendor’s deployment model, choose the deployment that best fits your requirements now and in the future.
- Can this be deployed quickly and successfully to large numbers of users? Instead of getting bogged down in high-risk, complex projects or one-size-fits all solutions that don’t truly meet your needs, deploy a solution that can demonstrate its success in large, global financial institutions.
- Do you provide classification-focused support resources to ensure deployment success? Instead of working with a vendor for whom classification is only one piece of a much larger security bundle, partner with a vendor focused on data classification who can provide expert guidance for your project success.
- Do you provide an 18-month roadmap with committed release dates, including maintenance updates and feature updates? A classification vendor should be comfortable sharing their roadmap so that you can provide feedback and plan for future capabilities. They should also have a track record of executing on their promises; ask for a list of previous releases.
- Will you enhance the value of my existing investments? Rather than choosing a solution that locks you into one security ecosystem, look for one that enhances the value of your existing security investments, including DLP and encryption.
In the digital environment, data is the new oil. Cyber criminals continue innovating new ways to access and steal it, and financial institutions are eager to secure it from them. Data classification helps protect data by identifying its value to the business and managing it properly. As an added benefit for the financial industry, data classification helps with compliance regarding the protection and retention of company records. But providers are not one size fits all; be sure to ask the important questions before committing to a solution.