Category Archives: Titus Labs

  • 0

Data Categorization or Data Classification?

Category : Titus Labs

In the last few years there has been a dramatic shift from data classification being “nice to have” to becoming a “need to have”. Behind this momentum, private companies and organizations are implementing data classification using “traditional” taxonomies and schemas that worked for governments and militaries, but don’t necessarily translate well into the workflow or culture of commercial enterprises.

When TITUS started over a decade ago, many of our first customers were large government and military organizations who were familiar with the concept of classification. We all  remember the “secret” and “top secret” rubber stamp with red ink used to classify paper documents and files before the dawn of digital productivity tools. As a result, when government and military customers began to deploy classification, their users were already well educated on the meanings and appropriate use of their classification taxonomies. As classification has moved into commercial enterprises, the template for classification has remained unchanged. As a result, many enterprises have struggled to find a way to align classification labels and policies to meet their own unique needs.

As private industry adopts classification, TITUS has been helping our customers adapt to taxonomies and policies for faster user adoption and more flexible security policy options.

In March 2016, Forrester Research released a report entitled Rethinking Data Discovery and Classification Strategies. This report pushed organizations to start thinking beyond a traditional classification taxonomy focused exclusively on sensitivity (Public, Confidential, Highly Confidential, Secret), into actually using data categories to help determine sensitivity. While some organizations might be able to adopt a standard classification taxonomy, most – particularly those that are highly regulated – struggle to trust that their users will select the right classification. Will they be able to discern when something is sensitive enough to be upgraded from “Internal” to “Restricted”? While we can present users with classification label definitions and even use automated algorithms to provide classification suggestions, there remains a feeling that assigning sensitivity is so new to users that they might not get it right.

This is where the concept of data categorization enters the discussion – rather than asking employees about the sensitivity of the data, ask employees to identify the category of the data. For example, most employees don’t know the difference between “highly confidential” and “confidential”, but they can tell you if a document contains “employee information” or “intellectual property”, or is “approved for public use”. Once the category is assigned by the user, the automated algorithms have new information that can be used (along with the information content, the user profile, and other contextual factors) to automatically assign the appropriate classification.

Categorization can be simple yet powerful. Several TITUS customers have adopted categorization to help them comply with onerous regulations such as ITAR with the simplest of questions: “Does this information contain technical data, Yes or No?” If “No” then move on. If “Yes” then a couple more questions are presented to guide the users to the right selections.

Categorization is another way in which TITUS helps to make sure your classification and data identification initiatives are as simple and successful as possible.


  • 0

TITUS to Provide Solutions to NATO Agencies around the World

Category : Titus Labs

TITUS and the NATO Communications and Information Agency (NCIA) recently signed a joint Master Service Agreement (MSA) that enables TITUS to supply our solutions to NCI Agency, NATO Member Nations and other NATO entities.

Cybersecurity is a major area of concern for NATO, and is considered the fourth domain of operations after air, land and water. NATO and its member agencies know that they need to be prepared to defend networks and operations against the increasingly sophisticated cyber threats and attacks.

Many NATO agencies and projects have already been using TITUS solutions to help classify and secure unstructured data. This agreement will enable NCIA to streamline and standardize on TITUS solutions across the agency, as well as in NATO Member Nations.

“We are pleased to see the continuation and growth of our relationship with NATO,” said Mitch Robinson, President and COO at TITUS. “This agreement will allow us to work even more closely with NATO to help them achieve consistent, effective information protection across their organization.”

TITUS has extensive experience helping military organizations around the world protect their most sensitive information. To learn more, visit our military solutions page.


  • 0

TITUS Classification for Box Governance

Category : Titus Labs

As enterprises embrace a digital transformation strategy, they are innovating how they collaborate with and share data. Leading this charge for enterprises around the world is Box, and today TITUS is excited to be one of the partners included in their journey with security classification for Box Governance!

box_blog-image

In a world where the speed of business is unprecedented, enterprises are turning to Box to help them improve productivity. To ensure collaborators can confidently share their data in these fast paced environments, enterprises rely on data classification to help create a culture of security by raising the awareness of data sensitivity. With security classification for Box, enterprises are now able to easily classify and trigger security policies based on the sensitivity of the data. TITUS can automatically apply Box security classifications as well as metadata to documents and files, enabling classification from the enterprise to the cloud.

TITUS Illuminate already gives organizations the ability to automatically apply classifications to Box metadata templates. The addition of security classifications to Box Governance allows for additional security and control based on the classifications provided by TITUS. So those same organizations that use TITUS Classification to prevent sending an internally classified email to external recipients can now extend this functionality through Box Governance to their Cloud collaboration efforts.

A proud day for TITUS as a member of the Box Partner Program!


  • 0

TITUS Delivers on Vision to Safeguard Information Anytime, Anywhere

Category : Titus Labs

TITUS Classification Suite Offers Customers Freedom of Choice with Support Across Multiple Platforms and Integration with Best-of-Breed Security Technologies

According to Aberdeen Research, data classification and policies about data handling are much less effective if they are not universally applied across the organization. TITUS, the market leader in data classification and protection of unstructured information, today announced the release of the latest version of TITUS Classification Suite, the only solution to offer classification capabilities across numerous platforms and exceptional integration with other best-of-breed solutions. With coverage for Windows, Mac and mobile, TITUS Classification delivers the broadest platform support to ensure that data handling and protection policies are applied enterprise-wide.

TITUS has also enhanced the integration capabilities with Ionic Security. Organizations can now seamlessly integrate TITUS Classification Suite with Ionic Security Protection Suite to classify and automatically secure sensitive email and documents for real-time data protection and policy enforcement.

Stephane Charbonneau, founder and CTO, TITUS, said:
“TITUS has partnered with the leading DLP, encryption, storage and cloud access security broker (CASB) vendors to offer an integrated solution to identify and protect data on-premise or in the cloud. We have now delivered a joint solution with Ionic Security to bring customers a new approach and a new level of confidence in a complex era of data breaches and inadvertent data disclosure.”

TITUS ensures unstructured data is classified based on business value and sensitivity so that it can be shared, stored and handled more effectively by people, processes and technologies. TITUS Classification Suite offers organizations freedom of choice:

  • Choice of Platform – Many organizations have enterprise email installations that include both Windows and Mac. In most, those Mac deployments are on desktops where the most sensitive information resides – executive offices. With new classification capabilities for Mac, TITUS enables organizations to classify data across platforms and mobile devices, offering enterprises comprehensive classification capabilities and the flexibility to work most effectively.
  • Choice of Encryption – In addition to the integration with Ionic Security, TITUS Classification works effectively with other encryption solutions including Microsoft RMS, giving organizations the choice of which encryption solution works best for them.
  • Choice of Security Ecosystem – TITUS Classification Suite integrates with and enhances a wide variety of security solutions that may be currently deployed within any given organization.
  • Choice of On-Premise or Cloud – TITUS Classification supports any enterprise environment scenario, regardless of whether data is in the Cloud, on-premise, or a hybrid of both. By classifying and protecting data at rest, TITUS classification and policy enforcement provide the foundation to enable secure collaboration.

Tim Upton, founder and CEO, TITUS said:
“For over a decade, TITUS has been trusted by some of the largest and most security-conscious government, military and enterprise organizations around the world. Information is everywhere – on Windows and Mac desktops, on mobile devices, in Cloud storage repositories. Organizations need an effective way to classify and protect their sensitive information, no matter where it is stored. Our customers want choice – they want to be able to use and enhance their existing security infrastructure in the most effective way. TITUS has the capabilities and expertise to allow them to do that.”


  • 0

The Illusion of “Basic” Classification

Category : Titus Labs

TITUS account executives encounter many organizations – large and small – who believe “basic” classification is enough. They believe that, because they are just beginning with classification, they don’t need a solution as powerful as TITUS and that they can get by with a simple marking tool akin to a digital rubber stamp. Once we probe deeper into these organization’s unique requirements, workflow, and environment we find that “basic” classification is in fact an illusion.

cybersecurty-shortage-blog

So why do organizations think they need “basic” classification? What do customers mean by “basic” classification? It usually looks something like this:

  • Three to four different classification levels (typically some variation of PUBLIC, INTERNAL, CONFIDENTIAL, and RESTRICTED);
  • A Policy to label the emails and documents with a classification and;
  • A Policy to check that all emails being sent externally do not contain “internal only” information.

At a high level, these “basic” use cases make it seem as though a simple tool is enough.

As we dig deeper into the list of requirements customers soon realize that a simple tool will not meet their needs. Deeper examination typically reveals exceptions, caveats, infrastructure issues, and policy nuances which expose basic classification tools as ineffective. As an example, let’s look at the “basic” classification requirements above in greater detail.

  • Four classification labels is enough… unless you are part of the executive team and need your own “executive level only” classification. Or you are a manufacturing company that needs special labels for the research and design department documents. Now there is a requirement to have targeted classification schemas for different groups.
  • Adding classification labels to emails and documents can be more complicated than initially anticipated.
    The actual requirement is to apply a watermark that includes the name of the user, and only when printing the file. The watermark is irrelevant to the document when stored electronically, so it should be removed when it is saved. Furthermore, we have found that every client wants unique markings and text depending on the file format. (email, document, spreadsheet, presentation etc.).
  • Finally, there is the need to ensure that sensitive or controlled information is not distributed externally. Some customers are bound by export control regulations with simple mandates such as; don’t share technical data with unauthorized recipients. These organizations need to ensure that each user is answering the question “Does the email contain technical data, yes or no?” before the email is sent. TITUS can provide a Yes or No prompt to the user while initiating a more complex workflow behind the scenes. If the user answers “Yes” then TITUS checks all the recipients’ Active Directory attributes to verify if they are United States citizens and therefore approved to receive the email.

In parallel to the citizenship check, the system also needs to check for recipients external to the company. If found, the user will be prompted with another simple message asking for justification for sending the email which can later be used for auditing purposes.

Will the “basic” solution be able to handle even these simple differences and exceptions? Definitely not.

The above use cases don’t even begin to address integration issues with the existing IT infrastructure such as operating system and desktop software variations, DLP systems, encryption technology, mobile devices, and content management repositories. While classification needs often seem to be basic and simple, it takes a powerful solution like TITUS to enforce underlying dynamic policies in a way that is easy for the user.

Classification itself is not hard – especially when it can often be automated. However, achieving the data protection outcomes you expect from your classification initiative does require a level of sophistication that cannot typically be achieved using simple tools even with modest requirements. When planning your classification initiative, don’t underestimate your true workflow, policy, and integration requirements.


  • 0

Do I Really Need a Separate Data Classification Solution?

Category : Titus Labs

key change over the last few years is that classification is now being discussed as part of an overall data security strategy, rather than as a separate project suitable for only certain use cases or industries.

As data classification has become more mainstream, we’ve seen an increasing number of security and cloud vendors adding classification to their product portfolios. This is good news for those of us who believe in the importance of data classification as a foundation for data security. It now means that basic classification capabilities will be built-in for many solutions, especially those in the category of what Gartner calls “Data-Centric Audit and Protection” (DCAP).

blog_image-top-questions

So if classification is built into so many solutions, why do organizations continue to look to vendors like TITUS for data classification? Here’s why:

  1. Industry focus: Organizations are looking for solutions and services that meet the more tailored requirements of their industry. This covers everything from truly understanding the organization’s business challenges to being able to customize the solution to the organization’s use cases and environment. When a vendor has years of experience working with customers in the same industry, they can share unique insights that lead to better project outcomes.
  2. Customer experience: Data classification is a highly visible and impactful technology that requires careful planning for success. Many organizations want the focused expertise of a classification vendor, including the ability to provide classification schema and policy development assistance, a detailed deployment methodology, and classification-focused support resources. This kind of assistance is more difficult to obtain when classification is just a small feature in a larger solution bundle.
  3. Breadth of coverage: Organizations need to identify and protect data wherever it resides – from desktop to mobile to cloud. An enterprise classification solution provides the widest coverage of possible use cases, including support for a variety of email clients, cloud repositories, and file types.
  4. Integration with existing solutions: As organizations move to the cloud, they are looking for solutions that are cloud-ready but will also support their current on-premise investments. Whether it’s being able to administer the solution on-premise, or integrate with on-premise versions of DLP, encryption, and other security solutions, a dedicated classification solution can provide more choice than classification built into another solution.

If you would like to read more about this topic, we recently released a document called “Top Questions to Ask Your Data Classification Vendor.” This document includes a checklist of questions to consider when evaluating classification solutions, and can help organizations determine if built-in classification solutions are “good enough,” or if they need to consider enterprise data classification solutions like TITUS.


  • 0

TITUS Empowers Companies to Meet EU General Data Protection Regulation Compliance Standards

Category : Titus Labs

Robust Data Classification Solution Provides Organizations with a Competitive Edge Through the Protection of Personal Data for EU Residents

The EU General Data Protection Regulation (EU GDPR) will have a significant impact both in the EU and around the world when it takes effect in early 2018. The new regulation has significant implications for organizations, including hefty fines, specific hiring mandates for security personnel, and strict rules for breach notification and liability for violations. Organizations that develop a clear data protection plan will have a competitive edge to help them to build trusted customer relationships and drive business growth. See the TITUS and Forrester Research webinar on “EU GDPR Regulation: How to Kickstart Your Strategy Now.”

TITUS solutions enable organizations to discover, classify, protect and confidently share information and meet regulatory compliance requirements by identifying and securing unstructured data.The following suggestions can help organizations take a proactive approach to compliance with the EU GDPR regulations.

  • Know your data: Understanding your data is the foundation of any security or risk management initiative. Only by knowing what data it has, where it resides, and who has access to it can an organization effectively secure and protect it. With support for automated, system-suggested or user-enabled identity and classification, TITUS gives organizations visibility into their data footprint, embeds metadata directly into the files and gives users the ability to handle data appropriately.
  • Understand your exposure: Once an organization understands its data and where it is stored, it can review its current procedures for processing and storage far ahead of any compliance test. One particular risk to watch for is data recycling and consent. Personal data can only be shared with explicit consent that is specific to the purpose for which the data was collected. Cloud storage or enterprise shared file stores are another risky area. Many cloud storage vendors have their data centers outside the EU, which could pose a problem. TITUS Illuminate scans file stores to identify files with personal data and enables detailed analysis of that data before it is stored.
  • Develop systems to ensure compliance: The EU GDPR encourages “Privacy by Design” which encompasses defined processes, appropriate tooling, employee training and accountability that together ensure appropriate data handling. Organizations should promote a culture of privacy by prompting users to stop, think and consider the personal nature of the information they are handling. TITUS makes users aware of their responsibilities when handling personal information, helping to align user behavior with corporate privacy policies.

Tim Upton, founder and CEO, TITUS said:
“It is vital to any organization that does business with EU member states to understand and be prepared to meet new data protection regulations. We have been tracking the EU GDPR since its inception and have taken steps to ensure that our customers meet and exceed compliance regulations, particularly in the areas of demonstrating accountability, retention and disposal management, and data breach prevention.”


  • 0

TITUS Delivers Data Classification and Protection to the Financial Industry

Category : Titus Labs

Classification Solutions Enable Financial Organizations to Protect and Confidently Share Information, Enhance DLP and Meet Regulatory Compliance Requirements

The worldwide financial services market is subject to multiple data security threats, with one of the biggest compliance and reputational risks coming from employees misusing data. Today at FS-ISAC, TITUS announced it is gaining momentum in the financial services market by delivering on its commitment to helping customers balance the need to share information to achieve their objectives with the need to protect information that is sensitive or critical to their organization.

TITUS enhances data loss prevention for over 100 financial services customers around the world, including:

  • Provident Bank – With TITUS, employees are able to easily and accurately apply classifications on a consistent basis in order to ensure that customer information is effectively protected.
  • UniCredit Tiriac Bank – TITUS Classification works with their existing DLP solution, adding user-driven security to the mix, enabling the organization to classify, protect and confidently share information and meet regulatory compliance requirements by identifying and securing unstructured data.
  • Large North American financial institution – Sought a proven solution to enhance their data security best practices—specifically around the storing, handling and sharing of sensitive information – while improving employee awareness specific to data confidentiality and security.

TITUS empowers users to take responsibility for data security:

  • Identify sensitive data in emails, documents and other file types at the time of creation—on the desktop, on mobile devices and in the Cloud—to help users make intelligent, deliberate decisions on how that information is handled.
  • Apply encryption and RMS to protect intellectual property, customer data and other sensitive information beyond organizational borders.
  • Meet compliance requirements by making users a key part of the strategy. TITUS solutions are used by financial services organizations to help comply with regulations and standards such as PCI, SOX, FINRA, GLBA, EU GDPR, and ISO 27001 and 27002.
  • Collaborate securely by balancing information sharing with information protection. TITUS data classification and policy enforcement enable secure collaboration from desktop to mobile device.
  • Detect insider threats by analyzing how users interact with sensitive information. As users work with email, documents and files, TITUS logs meaningful activities for detailed reporting, analytics and threat detection.

Nathan Horn-Mitchem, VP and Information Security Officer, Provident Bank, said:
“For us, it is all about protecting customer information. When regulators see that we’re classifying with TITUS, they are impressed that we can show with a high degree of confidence that email going out the door is protected. But more importantly, we can assure our customers that their sensitive financial information is safe.”

Tim Upton, founder and CEO, TITUS said:
“The rich policy engine that drives TITUS solutions provides financial institutions worldwide with the tools they need to identify and protect sensitive data, ensuring that users are always aware of the value of the information they are handling.”


  • 0

Discover, Classify, Protect and Analyze Your Data with TITUS Illuminate

Category : Titus Labs

TITUS Automatically Identifies and Classifies Unstructured Data to Prevent Breaches and Meet Governance Requirements

According to a recent Forrester report, data discovery and classification is an often-overlooked yet critical component of data security and control. TITUS, the market leader in data classification and protection of email, documents and other unstructured data, today announced the launch of its data discovery and classification tool, TITUS Illuminate. Already in use by large enterprise organizations, TITUS Illuminate examines and automatically classifies files discovered on-premise as well as in the Cloud. Visit www.titus.com/Illuminate to learn more.

Illuminate features include the ability to:

  • Discover data in network file shares, SharePoint, as well as cloud shares such as SharePoint Online, OneDrive, Dropbox and Box to determine where sensitive data resides.
  • Identify the business value of data so an organization knows what data it has and how it should be protected.
  • Classify any file type based on the content (PCI, PII, PHI or intellectual property), context or file properties (author, location, etc).
  • Apply content protection to files where they reside, quarantine files that are stored inappropriately, or flag files for follow-up where risks are identified based on the combination of content and location.
  • Analyze data with built-in analytics and reports or through third-party business intelligence tools to help identify risk areas for the organization.
  • Integrate with other security solutions such as DLP and ERM that can access TITUS metadata to enforce appropriate protection policies.
  • Work seamlessly with TITUS Classification Suite to enforce rules on files in motion, ensuring the right people have access to the right information at the right time.

Tim Upton, founder and CEO, TITUS said:
“The amount of data being created, shared and stored is growing exponentially, and with people accessing and storing information in a multitude of network and cloud repositories, sensitive data could be anywhere. With TITUS Illuminate, organizations now have a way to easily and effectively discover, identify and analyze all of the files that an organization has stored either within the walls of the company or in the Cloud. TITUS is the only data classification vendor that does this type of comprehensive data inventory and analysis.”


Support