Data Classification Is Key to Data Security

    Mar 24, 2015

    New research that surveyed 200 IT security professionals in U.S. and UK organizations of at least 1,000 employees shows that security professionals in both countries consider data classification a key component of a layered security approach. This is borne out by the fact that 52% of the companies surveyed already use some form of data classification tool.

    Fran Howarth, principal analyst at Bloor Research, which conducted the survey, stated: “Effective information governance is essential for data security and needs to be implemented across the entire lifecycle of information. Data classification policies and tools allow all data to be classified according to its sensitivity and criticality to the organization. Such policies and tools need to be extended to all systems and devices, including mobile devices, the use of which is growing rapidly.”

    One of the benefits of data classification is the impact it has on user awareness. It draws employees’ attention to the sensitivity level of the information they are working, which should result in better protection of sensitive data. Martin Sugden, managing director of Boldon James, puts it this way: “In terms of user awareness, data classification helps to ensure employees are more aware of the type of information they are dealing with and its value, as well as their obligations in protecting it to prevent data loss.”

    The survey also asked participants to identify actions their organization had taken after a data breach. The top three actions were:

    1. Tightened security policies – 80.5%
    2. Invested in security tools – 63%
    3. Increased user awareness and training – 60.5%

    ARMA’s Generally Accepted Recordkeeping Principles® draw attention to the need for employee training in a transparent organization. In the information governance world, the need for transparency (e.g., easily understood procedures, documented processes, user training) must be balanced with the need for information security. There is a role for both in the protection of an organization’s valuable information assets.

    © 2016, ARMA International