This is a copy of a blog I wrote jointly with Microsoft. It can be viewed on the Microsoft Windows Server WebLog at
There has been a lot of talk lately about data breaches costing organizations millions of dollars in fines or lawsuits, not to mention the bad publicity and other intangible losses. Data Loss Prevention products are being deployed to help organizations minimize these types of incidents. Information classification can be used to prevent data breaches and help organizations with compliance requirements such as PCI, HIPAA, ISO 27001, the Massachusetts Data Protection Law 201 and other similar legislation.
The Titus Labs solution can examine the FCI classifications of Microsoft Office attachments, and can apply policy that can restrict the distribution of sensitive information. Titus Labs’ Safe Recipient policies can be used to:
1. Protect the distribution of email within an organization. By examining all the recipients of an email, the Titus Labs policy can verify via Active Directory whether the recipient is allowed to receive attachments of a given classification. This prevents inadvertent data loss by warning the user that one of the recipients should be removed. For example, in an internal scenario, a financial organization may want to ensure that an employee in corporate finance is restricted from sending files classified as MERGER / ACQUISITION to another employee working as a broker or trader.
2. Protect the distribution of email outside the organization. By examining the domain of each recipient, the Titus Labs policy can verify that the domain is listed as trusted in the policy. If it is not, the policy can warn the user of a possible data breach, or force them to change the recipient list. In the following example, the sender has mistakenly selected the wrong Anne Hollingsworth at an external address. The sender receives a warning because the email contains an attachment that has been classified as CONFIDENTIAL / INTERNAL USE.
Invalid recipient is detected based on classification
This is an example of the power of classification to protect your sensitive information.
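The two Safe Recipient checks described above (internal clearance by directory attribute, external trust by domain), as an added Python example. It is not Titus Labs code: the directory, the domain names and the policy table are constructed stand-ins, and a real deployment would query Active Directory instead of a dictionary.

```python
# Hypothetical illustration of a classification-based recipient check.
INTERNAL_DOMAIN = "corp.example"          # assumption: the organization's own mail domain

# Constructed stand-in for an Active Directory lookup: address -> department
DIRECTORY = {
    "finance.analyst@corp.example": "Corporate Finance",
    "trader@corp.example": "Trading",
    "anne.hollingsworth@corp.example": "Corporate Finance",
}

# Constructed policy: which internal departments and which external domains
# may receive each classification. departments=None means "any internal user".
POLICY = {
    "MERGER / ACQUISITION": {"departments": {"Corporate Finance"}, "domains": set()},
    "CONFIDENTIAL / INTERNAL USE": {"departments": None, "domains": {"auditor.example"}},
}

def domain_of(address):
    # Text after the last "@", with case and a trailing dot normalised.
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def check_recipients(classifications, recipients):
    """Return {recipient: [reasons]} for every recipient that violates the
    policy of at least one attachment classification."""
    violations = {}
    for rcpt in recipients:
        addr = rcpt.strip().lower()
        dom = domain_of(addr)
        for label in classifications:
            rule = POLICY.get(label)
            if rule is None:
                continue  # assumption: labels without a rule are unrestricted
            if dom == INTERNAL_DOMAIN:
                dept = DIRECTORY.get(addr)  # unknown internal users fail closed
                if rule["departments"] is None or dept in rule["departments"]:
                    continue
                reason = f"{label}: department {dept!r} is not cleared"
            elif dom in rule["domains"]:
                continue  # exact match only: sub-domains and look-alikes are not trusted
            else:
                reason = f"{label}: domain {dom!r} is not trusted"
            violations.setdefault(addr, []).append(reason)
    return violations

if __name__ == "__main__":
    # The wrong Anne Hollingsworth at an external address, as in the scenario above.
    to = ["anne.hollingsworth@corp.example", "anne.hollingsworth@other.example"]
    for who, why in check_recipients(["CONFIDENTIAL / INTERNAL USE"], to).items():
        print("WARN", who, why)
```
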