Data classification ranks in top 3 security controls

Bloor Research surveyed 200 senior IT security executives in the UK and the US, all with organizations that have more than 1,000 employees.

More than half (54%) of organizations identified data security as a serious or critical concern and many report that their concerns are increasing. Findings also indicate that data classification is one of the critical tools for securing data, ranking in the top three most important security controls for organizations across a variety of industries.

The importance of data classification as a key part of a layered security approach is further underlined by the fact that 52% of organizations surveyed already use some form of data classification tools, with a bias towards US companies.

Principal Analyst at Bloor Research, Fran Howarth said: “Effective information governance is essential for data security and needs to be implemented across the entire lifecycle of information. Data classification policies and tools allow all data to be classified according to its sensitivity and criticality to the organization. Such policies and tools need to be extended to all systems and devices, including mobile devices, the use of which is growing rapidly.”

Martin Sugden, Managing Director of Boldon James said: “Data classification is being seen as more and more critical to organizations as it improves the performance and return on investment of other security technologies such as DLP and rights management. It’s encouraging to see that one of the top drivers for implementing data classification projects is to follow best practice as a primary way to increase user awareness of data security. In terms of user awareness, data classification helps to ensure employees are more aware of the type of information they are dealing with and its value, as well as their obligations in protecting it to prevent data loss.”

Fran Howarth added: “Although malicious data breaches may be of greater concern to respondents, organizations should be aware that insider threats – whether malicious or accidental – can be the most damaging since those internal to the organization have access to the most sensitive information, particularly when they have high levels of privileged access.”

Today’s threat landscape is increasingly complex and sophisticated and the number of security incidents that organizations face will only grow. In order for organizations to safeguard themselves from potential brand and reputational damage and fines, they need to implement effective information governance strategies, incorporating data classification policies and tools to protect information throughout its lifecycle and ensure they are enforced.