New research that surveyed 200 IT security professionals in U.S. and UK organizations of at least 1,000 employees shows that security professionals in both countries consider data classification a key component of a layered security approach. This is borne out by the fact that 52% of the companies surveyed already use some form of data classification tool.
Fran Howarth, principal analyst at Bloor Research, which conducted the survey, stated: “Effective information governance is essential for data security and needs to be implemented across the entire lifecycle of information. Data classification policies and tools allow all data to be classified according to its sensitivity and criticality to the organization. Such policies and tools need to be extended to all systems and devices, including mobile devices, the use of which is growing rapidly.”
The survey also asked participants to identify actions their organization had taken after a data breach. The top three actions were:
- Tightened security policies – 80.5%
- Invested in security tools – 63%
- Increased user awareness and training – 60.5%
ARMA’s Generally Accepted Recordkeeping Principles® draw attention to the need for employee training in a transparent organization. In the information governance world, the need for transparency (e.g., easily understood procedures, documented processes, user training) must be balanced with the need for information security. There is a role for both in the protection of an organization’s valuable information assets.