XYZ Without Classification – is just (weak) XYZ

It is very clear what I’ve been spouting for years – perimeter security technologies WITHOUT end-user guided, steward-approved and maintained classifications result in lack luster performance, capabilities and increased user frustration – making the (significant) investment negated and oft-times ineffectual.

Do you (CIO, CISO, VP InfoSec, SecArch, SecEng, etc.) want to be responsible for a leak, breach or other loss – just because the data was not classified, or was classified incorrectly? Even after spending hundreds of thousands – or millions, on peremeter security tools?

Solid Data Classification – grounded in REAL business terminology, validated by data leaders in your organization is the only way to make DLP, DRM, FireWall, CASB (to name a few) effectual and accurate. Otherwise, all of those tools are just relying on old/inaccurate/non-existent data policies.

Some security vendors are waking up to this finally – I think this is the third or fourth Classification Vendor takeout in a year flat?

Boldon James – £20+ to QinentiQ (2007)

Whitebox Security – ?? to Sailpoint (SAIL) Spring 2015
SecureIslands – 150M? to MSFT (Fall 2015)
WatchfulSoftware – ?? to Symantec (Spring/Summer 2017)
Titus – 100+M to Blackrock (Fall 2017)

and now : Dataglobal – 1.3M to Covata (yesterday)