The first protection to be applied to information focuses on ensuring that it is available. Availability is the most basic security feature. If information is not available, it directly impacts the heart of customer satisfaction. In the globalized world we are living in, we are delegating the availability of information to the Internet and the cloud. If we have access to the Internet, we have access to all the information.
Once access to the information assets is available, it must be accurate, secure and must not have been manipulated or altered, that is, it must be Integrates. There are many threats about the alteration of information, but today massive “attacks” with false information (fake news) are very popular and have a difficult solution. Some propose using the Artificial intelligence (AI startups seek to curb fake news) and others propose to use Blockchain (How a New Class of Startups Are Using Blockchain to Tackle Some of the Internet’s Biggest Challenges)
The next level of protection of information assets is the confidentiality of information. That is, that the information classified as confidential must be accessed by those persons who are authorized and for the authorized time. To do this, it is necessary to first identify what information is classified as confidential or restricted access. In a corporate environment, information must be identified as confidential if its unauthorized disclosure can have an effect serious or catastrophic adverse effects on corporate operations, their assets or individuals. This impact analysis will help us identify the information that is at the heart of the organization and that must be controlled access to it. The threats are well known from the news that was popular a few years ago in the world of espionage (Edward Snowden: Leaks That Exposed U.S. Spying Program).
Today, ‘Triple Extortion’ ransomware attacks are on the rise: in addition to Steal sensitive data of organizations and they threaten to disclose them publicly. Unless a payment is made, the attackers now they target the customers and/or partners of the organizations from whom they also demand ransoms. Unfortunately, in the business world, these threats are encountered daily. It is very common for there to be leaks of business-critical information due to industrial espionage, disloyal employees or former employees who move to the competition with the core information of the business. In addition, cybercrime is increasing attacks aimed at all types of companies in which they seek information to hijack it and ask for ransom of the information for money. These smart threats are more common than we think and are aimed at all types of companies.
It is therefore necessary to raise the level of maturity of information security in companies and public entities, raising awareness through the establishment of the Information Classification Policy. Its definition and disclosure help to make the internal staff of companies and public entities aware of the value of information and its protection.
The tools that are used to protect and manage the rights of classified information are called IRM (Information Right Management). Among them is Prot-On as the undisputed leader.Prot-On manages in the cloud the rights of any type of file that has been protonized, i.e. encrypted with Prot-On, Differential feature with respect to other solutions. This functionality makes it easier for companies and public organizations to have control of the protonized information, wherever it is and whoever has it. That is, at any time it can act on the rights of the document, removing permissions or granting new permissions, beyond corporate limits. Other functionalities that make it a leader in the IRM group of tools are the application of policies, classification and tagging automatically, and DLP (Data Loss Prevention) functionalities.