Define your data for better document security
3Pages

Define your data for better document security White Paper Define your data for better document security Without document classification in play, it’s impossible to know what to protect. Table of contents 1: Sensitive documents in a mobile world 2: Take control of content 2: Explore controls within documents 3: Conclusion In the previous white paper, “A delicate balance: The competing needs of IT and users in a mobile world,” we discussed the expectations of a highly mobile workforce with regards to documents. Mobile and cloud environments can bring risks ranging from corporate liabilities to enterprise security. Personal devices, along with the rapid growth of file share and sync accounts, have invaded many workplaces as employees use them to transmit and store sensitive company documents. And now, employees aren’t just securely accessing corporate content via mobile devices—they’re also handling new content created on those mobile devices. But the mobile ecosystem also makes workers infinitely more productive, which is one reason that it won’t go away. This white paper explores the question: How can IT govern and protect content in such ad hoc and semi-structured environments? This is the second paper in a three-part series that explores how IT can enable mobile employees to work productively with documents without sacrificing IT’s needs. Part I: A delicate balance: The competing needs of IT and users in a mobile world Part II: Define your data for better document security Part III: How hybrid IT can support enterprise mobility Sensitive documents in a mobile world As organizations support enterprise mobility, protecting electronic documents that contain sensitive information is a challenge with potentially dire consequences. A security incident is expensive, not only from a financial perspective, but also in the loss of customer trust. A recent survey by PWC found that 28.6% of respondents claimed their company suffered financial losses due to a security incident. In terms of documents, many information security solutions attempt to protect electronic content only at its storage location or during transmission. But these solutions do not provide protection for the entire lifecycle of an electronic document. While concerns around accessing corporate information in mobile and cloud environments do not likely apply to all your employees, many organizations have certain worker populations that push boundaries because they: • Work with multiple devices and want to sync files across those devices • Use multiple apps to accomplish work on mobile devices (beyond email or calendar) • Travel frequently • Participate in BYOD programs, where supported These employees are not well served by an IT model that assumes that all employees are behind the corporate firewall, on the same LAN, using the same type of device. You need a model that works in the real world— supporting mobile workers but also protecting files outside the firewall.

Take control of content Data classification is an often-overlooked yet critical component of document security and control. Without document classification, it’s impossible to know which documents need protection. The following table below provides a sample data classification schema for stored and transmitted electronic information. The categories are intentionally simple to increase the ease of use and thus the likelihood of compliance. Data classification Information that is publicly available to any individual without any implications for the organization. Information on the public...

Redaction is a vitally important capability for governments, businesses, and organizations of all types and sizes. It minimizes the likelihood of accidentally including confidential information in publically distributed documents and mitigates the risk of any legal consequences that could follow as a result. Sanitization. Similar to redaction, sanitization focuses on hidden information, including text, metadata, annotations, attachments, layers, and bookmarks, within a document. For regulatory compliance as well as protection of privacy and intellectual property, you need to be confident...