Protecting data in use

Last week, I blogged about data classification and how it's difficult for many organizations to gain control of. The next day SearchSecurity published Data classification is first step in successful data protection, an article that addresses the need to classify data to properly secure it. The trouble with it is the enormous amounts of data we create and getting a grip of it all. I see companies begin new "data classification initiatives" and most have ended up failing within a couples years, followed by a new "improved" initiative. We've also shifted from protecting the devices that hold our data to protecting the data itself. Classifying data helps in every respect towards our goal of information security.

The other day, LonerVamp asks how are you protecting your data in use? In some business units, protecting data through digital rights management is a viable solution for enforcing restrictions; such as the number of times a document is viewed, when it expires, whether it can be printed, etc. It doesn't prevent someone from taking a screenshot or reciting its information, but what else is there to do (technically speaking)?

Posted by Marcin on Wednesday, May 23, 2007 in Privacy and Security.