Data Classification: the first step in securing your intellectual property

Don’t let your company become the next ‘Ashley Madison’

The notorious Ashley Madison hack should make every organisation that holds data (i.e. every company on the planet) look very seriously at its data holdings. The moment that you enter someone’s details into your organisation’s database, you are responsible for ensuring that those details remain private and confidential. Not only is this a responsible business practice but, in most countries, it is the law. So if you get hacked and your data is compromised, you could be liable for prosecution, not to mention seeing your company’s name in the papers for all the wrong reasons.

“Most tightly-regulated enterprises such as finance, healthcare and central governments have a pretty good handle on the types of data they hold and how sensitive they are,” says Gary Gardiner, Fortinet’s A/NZ Director of Engineering & Services, “but many other companies don’t really have an understanding of what their obligations are to secure their databases. For instance, a retail shop might hold personal details from a loyalty programme or a mail order house might have thousands of credit card numbers. These databases have to be secured.

“And it’s not just personal information,” he continues. “Any confidential or proprietary intellectual property, such as proposals, customer relationship management reports, strategic plans and the such, while not necessarily covered by privacy laws, should be kept away from prying eyes. And to complicate things, once you start storing data in the cloud or in third-party datacentres, you start to lose control of your data stewardship authority. It can be unclear where your responsibilities start and stop.”

Metadata: the unsung hero of responsible data protection

Perhaps the most important step you can take when securing your databases is to classify them. “Not all data carries the same levels of value to your organisation,” notes Gardiner. “Some data, such as financial, client and personnel records, needs to be highly protected. Other files, such as internal communications, marketing materials, etc., aren’t nearly as sensitive. So there is no sense in treating all of your data the same. This data hierarchy can impact storage as well. Some data needs to be stored for fast access ‘in memory’ while other data can be held in tape archives.”

The key to all of this is metadata. “Metadata is information about information,” explains Gardiner. “Well-designed and maintained metadata descriptors can have a huge positive impact on your data security strategy. Metadata can contain fields for privacy and sensitivity (i.e. public, private, classified, highly-sensitive), date of capture, data lineage (i.e. what processing has been done to the data), levels of access (which company roles can access and/or modify the data) and, importantly, when the data can be safely deleted.”

Match the cost of data security and storage to the data’s value

Data audits are becoming increasingly important as organisations struggle to secure and store order-of-magnitude database growth. “The advent of business intelligence, data marts and big data means that organisations capture data once and then propagate them throughout the system. Storing and securing data is expensive. Best practices suggest matching your security/storage expenditures to the value of the data to your organisation. Metadata is an enabler for cost-effective and thorough data audits.”
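A minimal sketch of the metadata descriptor and the metadata-driven audit described above, added here as an illustration and not taken from the article or from Fortinet. The field names, the `all-staff` role, the `encrypted` flag and the audit rules are assumptions, and the catalogue is constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

# Sensitivity labels named in the article, least to most sensitive.
LEVELS = ["public", "private", "classified", "highly-sensitive"]
BROAD_ROLES = {"all-staff"}  # assumed name for an organisation-wide role

@dataclass
class Descriptor:
    name: str
    sensitivity: str      # one of LEVELS
    captured: date        # date of capture
    lineage: list         # processing already applied to the data
    read_roles: set       # roles allowed to access
    write_roles: set      # roles allowed to modify
    delete_after: date    # when the data can be safely deleted
    encrypted: bool       # assumed storage attribute, not from the article

def may_access(d, role, modify=False):
    """Role check driven only by the descriptor's access fields."""
    return role in (d.write_roles if modify else d.read_roles)

def audit(catalogue, today):
    """Return (dataset, finding) pairs; the rules are illustrative policy."""
    findings = []
    for d in catalogue:
        if d.sensitivity not in LEVELS:
            findings.append((d.name, "unknown sensitivity label"))
            continue
        sensitive = LEVELS.index(d.sensitivity) >= LEVELS.index("classified")
        if today >= d.delete_after:
            findings.append((d.name, "past deletion date"))
        if sensitive and not d.encrypted:
            findings.append((d.name, "sensitive data stored unencrypted"))
        if sensitive and (d.read_roles | d.write_roles) & BROAD_ROLES:
            findings.append((d.name, "sensitive data open to a broad role"))
    return findings

# Constructed sample catalogue (not real data).
CATALOGUE = [
    Descriptor("customer_cards", "highly-sensitive", date(2014, 3, 1),
               ["ingest", "tokenise"], {"finance"}, {"finance"},
               date(2021, 3, 1), True),
    Descriptor("hr_records", "classified", date(2019, 6, 1),
               ["ingest"], {"hr", "all-staff"}, {"hr"},
               date(2030, 1, 1), False),
    Descriptor("brochures", "public", date(2020, 1, 1),
               [], {"all-staff"}, {"marketing"}, date(2030, 1, 1), False),
]

if __name__ == "__main__":
    for name, finding in audit(CATALOGUE, date(2022, 1, 1)):
        print(f"{name}: {finding}")
```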

While the costs of storing and securing data are decreasing with new technologies, such as deduplication and security-as-a-service, they are still a major outlay. “Anything you can do to drive down your data protection overheads while ensuring highly-secure access for authorised staff is a smart move,” concludes Gardiner. “The tools are out there. It’s just a case of knowing what to do and then making it happen. These issues will not go away…indeed they are becoming more critical. So don’t become an Ashley Madison. Secure your data to secure your future.”


Stories by Phil Parent
