TTS 2023 calendar is NOW LIVE. View and Download

IBM’s Hybrid Cloud, AI, and Fixing the Document Classification and Protection Problem

IBM’s Hybrid Cloud, AI, and Fixing the Document Classification and Protection Problem

Last week I attended the IBM event with Fast Company on its hybrid cloud solutions. IBM is unique in that it often populates events like this with customers who talk about how IBM’s solutions are used rather than the far less interesting performance metrics of new hardware, software, or networking solutions. This use of customers to create content is far more compelling than the usual vendor talking head, and, in terms of credibility, people who use a technology are far more credible than those who sell it. In short, IBM’s use of customers to tell the story has for some time been a best practice.

The event mostly focused on how these companies had saved money, reduced costs, and improved their reliability, security, and operations with IBM’s hybrid cloud solutions. The customers testifying ranged from small to very large companies, which additionally showcased the amazing breadth of cloud offerings in general and IBM’s unique hybrid/multi-cloud solution.

But one interesting conversation really caught my attention. I am an ex-Internal auditor and compliance officer. Ironically, when I had that job, it was working for IBM. One of the recurring audit comments was about how employees and executives constantly miss classified documents. The discussion at IBM’s event covered using AI to fix this specific problem.

Let’s talk about that this week. 

The data classification problem and how it is about to get much worse

Virtually every large company has a document and data classification policy. This policy dictates who can see the related document or file without approval and what approvals are needed for certain classified documents. This policy begins with unclassified documents that anyone internally and externally can see and continues to classification levels that, by tier, restrict these documents to fewer and fewer people, with the top classification typically being eyes-only for the CEO and select members of the board, legal or their direct reports.

Documents that are overclassified create operational friction and require approvals that, by policy, are not necessary. On the other hand, under-classified documents expose information to people who have no right to it. People overclassify because they do not understand the policy, or they somehow connect it to status rather than security (I can see it, but you do not qualify). Under-classification is often done to intentionally breach policy without getting caught, and, given audit is a sampling function, people who do this often get away with it.

What is needed is an objective way to automatically classify data.

– Rob Enderle

Read the full article on Techspective.