Automated policy enforcement, the use of software to ensure sensitive data is protected from human error, is becoming an important weapon in the war on data breaches.
The key tenets of automated policy enforcement revolve around reducing reliance on users to self-direct complex data policies. In doing so, the goal is to eliminate the risk of data breaches that occur because of human error. Though there are many features and logic paths that vary depending on the company and type of data, most automated policy enforcement tools have four key elements in common:
1. Shared file expiration dates
Sensitive information shouldn’t be accessible to recipients in perpetuity. By automatically assigning an expiration date to every shared file, a system can protect against changes in circumstances, such as a recipient changing jobs or being terminated. With the right system, users can even shorten the default expiration date on time-sensitive information to reduce the likelihood of a breach.
2. Digital watermarks
Understanding where a file originated can be just as important as protecting it, and the two often go hand-in-hand. By watermarking sensitive documents before they are released, an automated policy enforcement system can help users track down the source of a document in the future.
3. Managed access
It probably seems like a basic principle to anyone who uses email, but a common human error that leads to a data breach is accidentally sending sensitive data to the wrong person. An automated policy enforcement system can reduce this risk by limiting sharing behavior to a pre-approved list of recipients. This list should change depending on file type, account, or other key identifying factors.
4. Secured accounts
Protecting user accounts can be as important as making sure the correct policies have been recorded and implemented. Should an account fall into the wrong hands due to a lost device or an insecure password, the entire system can be compromised. It might not be possible to completely automate keeping track of user behaviors or educating users on how to avoid risk (for example, by not using unsecured Wi-Fi, securing devices and workstations, and choosing complex passwords), but companies should do their best to automate what they can. For example, a company can implement certain password requirements and expiration dates.
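As an added illustration of elements 1 and 3 (not code from any particular product), the sketch below shows a share request passing through a policy check that assigns the expiration date and rejects recipients who are not pre-approved for the file type. The policy table, addresses and function names are constructed for this example, and it assumes senders may shorten the default lifetime but not extend it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy table: default share lifetime and pre-approved
# recipients per file type. All names and addresses are placeholders.
POLICY = {
    "financial": {"default_days": 7, "approved": {"auditor@example.com"}},
    "general": {"default_days": 30,
                "approved": {"auditor@example.com", "partner@example.org"}},
}

class PolicyViolation(Exception):
    """The share request is not allowed under the policy."""

@dataclass(frozen=True)
class Share:
    file_type: str
    recipient: str
    expires_at: datetime

def create_share(file_type, recipient, now, requested_days=None):
    """Apply the policy to a share request instead of trusting the sender."""
    policy = POLICY.get(file_type)
    if policy is None:
        # Fail closed: a file type with no policy is never shared.
        raise PolicyViolation(f"no policy for file type {file_type!r}")
    address = recipient.strip().lower()
    if address not in policy["approved"]:
        raise PolicyViolation(f"{address!r} is not approved for {file_type!r}")
    days = policy["default_days"]
    if requested_days is not None:
        if requested_days < 1:
            raise PolicyViolation("expiration must be at least one day")
        # Assumption: senders may shorten the default lifetime, never extend it.
        days = min(days, requested_days)
    return Share(file_type, address, now + timedelta(days=days))

def is_accessible(share, now):
    """Evaluated on every access, so expiry needs no action from the sender."""
    return now < share.expires_at

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    share = create_share("financial", "Auditor@example.com", now, requested_days=2)
    print(share, is_accessible(share, now + timedelta(days=3)))
```

Because the recipient list is keyed by file type, the same address can be accepted for one class of document and refused for another.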
By coupling automated policy enforcement with clearly written policies that do not disrupt productivity or create resistance in employees’ workdays, a company can significantly reduce the risk of a data breach caused by simple human error.