Did you also binge Squid Game like me?
Well, it’s a dope show. No doubt.
If you haven’t watched it, don’t worry. I am not going to reveal any spoilers.
If you are not into this genre, again, don’t bother. This article is not about Squid Game. I got fascinated with its symbolism. It’s my take on creative analogy to understand the different levels of data classification.
Disclaimer: Please disregard the logic and factual accuracy of the Squid Game. The purpose is to get clarity on how and why data is classified.
For those who have no idea, this is all you need to know in a nutshell.
Squid Game is a Koren TV series about a bunch of strangers who plays a dangerous childhood game to win billion dollars. The masked men in red jumpsuit guard participants. Their mask represents three kinds of symbols – circle, triangle and square. I have created the fourth symbol (star) for ease of understanding.
Why masked men have different symbols?
The symbol represents their level of authority.
The masked men don’t talk with each other. They are not allowed. The simple symbol on the masks drives our adrenaline. Similar visual storytelling happens with data classification. Let’s rephrase the question.
Why do we need to classify the data?
The classification represents the data value, so we know how to protect it for confidentiality and integrity.
The data classification is not about the data. It’s how we look at the data. It’s about the perspective.
A man with a red jumpsuit is merely a guard till he wears the mask with a relevant symbol. Similarly, data is just data till we classify them. Now that we have a context, let’s understand the hierarchy.
Confidential or Proprietary
STAR: The VIPs of the Squid Game.
If you want to destroy the game, you must kill the VIPs (perhaps in Season 2?). In a similar context, hackers are after confidential data such as unreleased movies. Yeah, I am talking about the famous Sony hack.
Confidentiality is the most critical classification of all.
Have you ever wondered why Jason Bourne’s files are TOP SECRET?
Even a little compromise on proprietary data can destroy the brand’s reputation. Eventually, that leads to financial loss. Hence, we need an exceptional level of security controls and user awareness to deal with confidential data.
Your job is not over if you classify the data as confidential. Even the hardware or asset where data resides has to be classified. Back to our VIPs, do you think they travel in Toyota or bulletproof BMW?
SQUARE: Guards in red jumpsuits wearing squares on their masks are managers.
They are not VIPs, but they are the highest authority over other staff members. They mind their business within the island. In a similar context, the data classified as private should reside within the organization, such as employees’ details, payroll and internal processes.
The breach of private data may not be catastrophic, but it can cause severe damage to the organization’s mission and vision. The other way to think is, if anything happens to Squared masked men, the show won’t stop, but it will cause enough damage to continue the game.
We are halfway to understanding the hierarchy.
TRIANGLE: Guards in red jumpsuits wearing triangles on their masks are team leaders.
I found it difficult to differentiate between this classification with private and confidential. It looks the same, but it’s not.
The compromise of sensitive information such as IP address, operating system and internal network details makes it easier to launch the attacks. The damage is not as severe as class 2 and 3, but it’s still serious. Let’s put it into squid game perspective to get more clarity.
The participants never know about the next game, which is supposed to be a secret. Only the guards with square masks know about the next round. The triangle guard may not have information about the next game. However, participants (attackers) can corrupt triangle guards or pretend to be one of them to get information about the next game from square guards. Therefore, it makes sense to restrict participants to have direct communication with triangle guards.
The data has to be classified as sensitive if the possibility of attacks can arise. I hope you got the concept.
CIRCLE: Guards in red jumpsuits wearing circles on their masks are workers.
The task guys in the Squid game do all the hard work. It’s not like they don’t have value. It’s just that we don’t feel their presence. If one of them died or disappeared, the game wouldn’t stop. We feel the same way for all the data we consume in the public domain.
When you read the news, you don’t think about classification, do you?
What about the classification of this article you are reading?
It’s public. It’s not classified.
I have made it public so that everyone can read and learn about data classification. However, there is something important to note.
The company website makes all the information available in the public domain for business and communication. With this classification, they don’t have to worry about the confidentiality of the data. They don’t need to protect the press release or product promotion. But what about integrity?
Anyone can modify public information. How about you open the Apple website and find a new iPhone for just $199?
Please let me know in the comments how can we address the integrity of the public data.