Beware the classification trap when securing your data

Too many businesses craft a detailed data security plan that takes years, giving employees little choice but to access data without any controls

1 2 Page 2
Page 2 of 2

Paul Madsen, the grumpy Canadian in that Twitter debate, sided with Festa and further stated that if you had just two categories, you most certainly weren't doing mobile information management (MIM) but mobile application management (MAM). I countered that this two-bucket approach is still MIM, security is centered around the data, and if policy were added to that data we would truly have MIM. Without getting into the details on MIM here, I believe this can be a very workable solution.

The beauty of starting off with two buckets is, as Festa pointed out in his post, you don't need governance to get that far -- you can start right away. But you don't stop once you've defined your two buckets. You then start to break that corporate data bucket down into smaller buckets. One might be regulated data. Another might be on-campus-only data. You can continue to add buckets, but your system is already in place and you have already secured your data. These new buckets let you refine the system and create better APIs to access that data.

The goal for all enterprises should be to free their data. You need to build APIs around your data sets. These APIs should account for all the buckets, taking into account identity and access management (IDAM) while serving as a programmatic way to get at the data. Developers and users write apps to the APIs, which is how they access the data. This preserves the security and policy around the data, which the APIs respect and help enforce.

But most companies today try to crack the whole nut at once. There's an old parable: "How do you eat an elephant? One bite at a time." If companies spend too long trying to get everything perfect, it will be too late. Their employees will find a way around them, so they can use the data they need, when and where they need it, to get their job done.

The only way to enable your employees responsibly and move forward is to take one step at a time. You can always decide in the moment whether you want to walk or run. For securing your data, take that first step before all your employees walk off on their own.

This article, "Beware the classification trap when securing your data," originally appeared at A Screw's Loose and is republished at with permission (© Brian Katz). Read more of Brian Katz's The Squeaky Wheel blog at or at A Screw's Loose. For the latest business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform