Why Data Classification Should Change the Way You Think of Cybersecurity

This blog post is an excerpt from GovLoop’s recent guide “Preparing for the Era of Digital Transformation.” In it, we explore five key trends in digital transformation, and provide step-by-step instructions for deploying digital solutions. Download the full guide here.

An Interview with Stephane Charbonneau, Co-Founder and Chief Technology Officer, TITUS

For many years now, cybersecurity has focused on strengthening security tools and networks. Whether that materialized in data encryption, hardware improvements or tighter controls on the backend, the emphasis has always been more on machine-based upgrades.

Even with the rise of cybersecurity training in the workforce, employees may still have gaps in cybersecurity education. How, then, can a government organization that handles sensitive data keep its workers engaged and alert?

To improve cybersecurity posture, agencies should think differently about data classification. Rather than isolated training sessions, they should look to incorporate safer practices in the daily workflow. GovLoop spoke with Stephane Charbonneau, Co-Founder and Chief Technology Officer of TITUS, a provider of data classification solutions, to get a better idea of how government can think differently about data classification.

“You have to be able to change the way people think about the information,” Charbonneau said. “Agencies must transform people’s thinking around data — what this information is, what’s the usefulness of the information? That way, we can engage users to be part of the solution and not just rely on the backend system to do it.”

More often than not, the problem starts with employees who lack either education or awareness about cybersecurity best practices. In fact, recent studies show that 66 percent of data protection and privacy professionals felt their employees were the weakest link in developing a strong security posture.

“It’s simple mistakes that lead to big problems, like a worker emailing a document home to finish up an assignment.”

An ideal data classification strategy should be similar to that of a “data custodian.” Rather than lock down information, an agency should try to boost awareness. When an employee forwards an email or attaches a document, for example, the system asks a simple question: “Are you sure you want to do that?” An agency can then log these warnings and monitor employee progress to help manage risk.

“Instead of having a yearly training webinar that employees might just click through, you need training on a daily basis,” Charbonneau said. “Think of cybersecurity training as a seatbelt that people put on. There was resistance at first. Now, you don’t even think twice about putting on that seatbelt when you get in a car. Even though the chances are really low that something might happen, you’re really happy it’s there when that accident does happen.”

Agencies and companies should also pursue data classification practices that comply with regulations like the Controlled Unclassified Information program, which standardizes the way the executive branch and other government entities handle unclassified information that requires safeguarding or dissemination controls consistent with government-wide laws and policies. It’s especially critical that your agency’s data policies remain compliant with such laws and security regulations. Even beyond potential fines, non-compliance would open the door to data breaches and the resultant loss in public trust.

Data classification solutions should ideally operate in a hybrid setting, as many government agencies are still in the process of migrating to the cloud. Solutions like TITUS Classification Suite can help an agency protect sensitive information and classify and valuate data both on premises and in the cloud.

Additionally, consulting services provided by TITUS can help agency leaders educate their workforces on where data should be stored, rather than having the onus of choosing where to store information fall to employees. The crown jewels of data (highly sensitive information), for example, might be more safely kept in on-premises storage, while less sensitive information would be safe in cloud storage.

Solutions like TITUS Illuminate can also help agencies discover, classify, protect and analyze a company’s data at rest. To keep up with the demands of a mobile workforce, the company also offers TITUS Classification for Mobile.

User-friendly data classification practices will only become more important in the coming years. In 2025, the total digital data on Earth could reach 180 trillion gigabytes. If government wants to run as efficiently and securely as possible, rethinking data classification, cyber education tactics and modern hybrid cloud solutions are excellent ways to start. Learn more about TITUS here.
