For over a month, information technology departments everywhere have been scrambling to enable work-from-home. The most successful transition plans will recognize that our current situation is both a short-term problem that needs to be remedied as quickly as possible, and an opportunity that offers a chance to produce durable, long-term value.
Even when fully enabled for remote work, most job functions will simply not be facing their typical demands – from either colleagues or customers. As such, and given the generally uncertain and challenging economic conditions, budgets for this enablement have been under heavy scrutiny and pressure to be cost-efficient. However, the lack of business-as-usual means that equipping your workforce to maximize the little business that is being done becomes that much more critical. Crisis mode has begun and time is of the essence.
Top of mind will be the usual security concerns, namely ensuring that perimeter security for endpoints is well established, antivirus software is installed, mobile device management software is enabled, and behavioral analytics software is automatically detecting anomalies. But, it may also be the perfect time to consider a less obvious, but more comprehensive aspect of information security: content-based file analysis and governance.
File analysis and governance has many names, but at its most basic, describes some sort of intelligent, custom, remote analysis of content as it is being created, for the purposes of automatically classifying it and then, eventually, controlling it. The classification could be based on your 200-category records retention schedule, or a 4-step sensitivity rating from public to top secret, or something in-between. Simply put, a technology that tells you what you have, where, in real time.
If you don’t immediately understand the importance of such a tool, it’s worth taking note of current best practices regarding perimeter security. Long ago, it used to be good enough to set up walls around your core network servers in order to repel any access from someone to whom you didn’t affirmatively grant access. The fluidity of information driven by an increasingly mobile workforce and the benefits of utilizing cloud providers made this effort far more complex. Furthermore, the ease with which bad actors can compromise identities have demanded different approaches (e.g., Zero Trust), which require much more real-time visibility into internal network traffic, segments, applications, interactions, and volume. An essential part of that visibility is a trusted, up-to-date, and independently verified classification of data; if you don’t understand your content, you will never be able to adequately protect it.
File analysis and governance affords such an understanding by first indexing data in place, particularly unstructured data in documents and emails; that data is then evaluated across simple criteria such as SSN formats and keywords, or more advanced criteria like a pre-trained machine learning model looking for client data, client interactions, a type of company contract, or even something as specific as abusive sales practices. Advanced file analysis and governance tools will then allow for explicit control of any implicated documents, whether the goal is to protect sensitive or valuable information from attackers, ensure compliance with all relevant regulations, or simply maximize the value of information assets.
If you are scrambling to protect a new laptop as quickly as possible in order to equip a remote workforce that was never designed to be remote, file analysis and governance technology may seem like a “nice to have” when compared with VPN and antivirus. However, the ROI is entirely different. Of course, understanding what you have, both in terms of information assets and information liabilities, is an essential step to getting more granular with information security, but it’s also essential in making your workforce more productive and competitive, whether remote or in-office.
As thousands of new laptops are procured and sent out to people working from home, it’s probably not the time that people will naturally open their ears to “information governance” or “file analysis.” But, it may be the exact time to consider adding on one more layer of business intelligence. This type of technology will not only help enable the here-and-now, but also bring a lasting baseline of content-awareness to ensure your company is not just surviving, but proactively thriving in an increasingly remote and digital work environment.
