IT Briefcase Exclusive Interview: Machine Learning: The Next Frontier in Data Protection

Featured Interview with Mark Cassetts, SVP of Strategy, TITUS

Deploying machine learning as part an organization’s data protection strategy can provide the critical assistance users need to apply the proper safeguards to data they’ve created without adding friction to their day-to-day activities. Machine learning can go one step further and remove the user from the equation while increasing confidence in your organization’s ability to identify, contextualize and classify its unique data.

In this discussion with Mark Cassetta, senior vice president of strategy for TITUS, we learn why machine learning can provide greater confidence in identifying and protecting critical data.

• Q. Is it true that machine learning is not as proven as human interaction?

A. Data classification companies have traditionally championed the user as the critical element in identifying and then applying proper classification to data they’ve created. The thinking is that they, as creators, are the most knowledgeable as to how valuable their data is and the best security to apply. But that’s not always true. As much as we want people to be our strongest security link, they can benefit from the assistance machine learning provides. In fact, human error speaks to the essential challenge organizations face in deploying data classification and, more broadly, data protection solutions. The good news is that technology such as machine learning has become democratized and is now used pervasively to solve many problems. Adding machine learning capabilities will reduce errors and result in more rapid adoption of a data protection strategy that’s unique to an organization.

• Q. As machine learning becomes more pervasive in data protection strategies, what are the some of the benefits an organization can expect?

A. Machine learning is a new way of thinking about data protection and should be viewed as a journey, not a sprint. Think about when Box and Dropbox entered the collaboration market. They fundamentally and forever changed the way we think of collaboration. Like that example, machine learning is not a feature or a singular solution. It is a market disruptor that marks a new way of thinking about data protection. Machine learning has the potential to change the way organizations protect sensitive data.

The difference between machine learning and earlier data protection innovations is context. This is the first time we’re bringing context into the equation. Context is the reason that traditional data protection and security solutions have relied so heavily on the user. If machine learning can infuse context into data protection, we can start removing the user from the equation.

• Q. What’s the first step in embracing a machine learning approach to data classification?

A. This is a great question, because when I talk about machine learning, the question I get most often is, “How do I get started?” Tactically, the first step will be for an organization to accept that machine learning is a journey and not a destination. At that point, it’s about taking small steps and getting wins around identifying sensitive data that benefits from machine learning. A prime example would be data residing in an HR or legal department. For most of these departments, data is already being categorized based on business processes. Because of that, these departments can often incorporate machine learning fairly quickly and successfully, enabling the broader IT and security organizations to get more familiar with machine learning models before deploying more broadly.

• Q. Describe how a company defines sensitive data

A. When it comes to protecting sensitive data, there is no universal definition of what is sensitive and what isn’t. Most people understand that information such as social security or insurance numbers, banking information and personal health information are confidential. But what about company-specific information such as business plans, business development initiatives, product documentation, intellectual property and other types of data that employees deal with on a day-to-day basis? A few questions organizations can ask themselves as they look to identify their data would be:

– What if this information got into the hands of competitors?

– What if this information became public news?

– What if the entire company had access to this information?

If any of these scenarios causes discomfort, then that information is likely sensitive and should be protected. Though this isn’t a comprehensive list, it’s a good place to start.

• Q. You talk a lot about seamless data protection — can you tell us what that means?

A. When I think of seamless data protection, it means only putting a burden on end users when context is truly something only they can validate. This is a marked change in the data protection and, more specifically, the data classification conversation. Back in 2005, which was when TITUS was founded, data protection and classification were at a place where we really did need users to contribute context every single time. But as we’ve continued to push innovation, and now as we’re adding machine learning advancements, we can start removing that burden and automating further.

• Q. How does TITUS use machine learning to help customers reduce the risk of data loss?

A. It’s become a best practice for data classification to be critical to data loss prevention (DLP), which for most organizations is an essential piece of their overall security strategy. Knowing this, all the major DLP solutions on the market have either partnered with TITUS, attempted to build their own data classification capabilities, or bought another vendor in the market, all of which validates the role of data classification.

While this validates that having end users is critical, the irony is that these same users can also be a vulnerability. With the introduction of machine learning, TITUS enables organizations to ensure the right classification is presented, which can reduce losses and ensure DLP strategies are deployed seamlessly.

About Mark Cassetta

As senior vice president of strategy, Mark oversees the product lifecycle from concept to implementation and customer success. He is passionate about customer advocacy and developing long-term partnerships with our global customers.Since joining TITUS in 2012, he has held positions in marketing, business development and corporate strategy. He has over a decade of experience across application development and enterprise software, managing projects within large-scale technology transformations.Prior to joining TITUS, Mark was a senior technology consultant at Accenture, managing projects within large-scale technology transformations. He holds a bachelor of commerce degree from the University of Ottawa.