Confidential or privacy data exists in emails, documents, spreadsheets, PDF’s, presentations, instant messaging, even tweets. Rectifying data breaches and the erroneous publication of confidential information, whether internal or external, can not only be extremely costly but can negatively influence the image and brand of the organization. Particularly if it involves consumers or the government as we continue to see.
What are the typical challenges of information security?
• Lack of tools to identify all possible privacy data exposures at the time of content creation, modification, or ingestion
• Lack of end user compliance to segregate content from the network and ensure that uploaded privacy data is not available for general access and protected accordingly
• Lack of governance to enforce the accurate metadata tagging of documents based on content by end users
• No standard process that addresses all aspects of data privacy that are unique to the organization
• Inability to automatically identify privacy and confidential data risks in real time
• Inability to ensure protected data assets are subject to portability and security controls
Most security applications will address the identification of information such as a social security number. But every organization is unique, with their own nomenclature. Most applications aren’t that flexible to include phrases, similar concepts, or reflect the vocabulary. Once identified obviously they must be contained, removed from unauthorized access, and secured from download.
How do you handle? Do you have a security application? Does it do the job? Have you had any security lapses from posting confidential information? What else would you add to the list?