My colleague, Hugh, has an interesting point in his article on keeping barrels out of the water. I agree that by the time information is out on the network and the IT Security folks don't know whether the data is sensitive or not, the battle is nearly lost. Access control and protection are vital. However, I also think classification is a huge issue as well.
Which brings us back to understanding data in an organization being the "a stitch in time" approach. We need to be able to classify, and identify interesting data. Don't get me wrong - this is a hard problem to address. Too much data, information about them being distributed, end users not being reliable to classify it, the changing business dynamics changing what is sensitive from day to day - all of these make it feel like a Herculean task. Nick Selby from the 451 Group also participated in an interesting Q&A on this.
Maybe the better approach is - start small (as always!). Much of it will be process focusses with help from the technologies currently emerging in this space. Be interesting to see how this area evolves in the future....
Which brings us back to understanding data in an organization being the "a stitch in time" approach. We need to be able to classify, and identify interesting data. Don't get me wrong - this is a hard problem to address. Too much data, information about them being distributed, end users not being reliable to classify it, the changing business dynamics changing what is sensitive from day to day - all of these make it feel like a Herculean task. Nick Selby from the 451 Group also participated in an interesting Q&A on this.
Maybe the better approach is - start small (as always!). Much of it will be process focusses with help from the technologies currently emerging in this space. Be interesting to see how this area evolves in the future....
