DATA CLASSIFICATION – Protecting the Crown Jewels
If you know you’ve got valuables, you install an alarm system and ensure that entry and exit points are fully secure – shouldn’t you at least do the same for your data?
Increasingly, data classification is being deployed as an effective means to help address risks and enable compliance. An enterprise that implements an efficient data classification programme can understand what data they have, recognise its importance and make informed decisions about how it should be managed, handled and stored. This allows companies to realise a range of benefits that can save time and resources while reducing legal vulnerabilities associated with data leakage.
Data classification serves the need for compliance and risk management requirements as critical data can be identified and protected to meet compliance audits or legal discovery tasks. Another important benefit is in cost savings as the process enables less important data to be migrated or deleted from network storage. By identifying data that will benefit most from classification and by moving it to a location that provides the best storage performance for indexing tasks it helps distinguish mission-critical information and focus on procedures for securing that essential data.
The process essentially assigns a level of sensitivity to data used by an organisation allowing companies to organise their information in a way that corresponds to their specific business needs and values. While classification systems vary depending on user’s requirements, most apply levels corresponding to the following definitions: secret, confidential, restricted (or sensitive) and unclassified.
Management must often spearhead the classification effort with input from every department as data classification is not solely an IT function. While applications exist that can help with data classification ultimately it is a subjective business and is often best done as a collaborative task that considers business, technical and other perspectives.
Justifying a Data Classification Initiative
Enterprise data cannot be adequately protected if there's no way of tracking its location, value and sensitivity and therefore business needs and risk tolerance should be the driving forces behind data classification initiatives. It has been suggested that data classification offers more benefit to larger companies with adequate resources and expertise to manage such an undertaking. However, even small companies can benefit from data classification if they deal with compliance needs and government regulatory requirements.
Benefits of Data Classification Programme
There is no fast-track to data classification but there are solid arguments for why it should be undertaken properly using a manageable, automated and client specific procedure. The raison d’être for implementing a classification initiative should be driven through the strategic benefits in prioritising and optimising the value of the information that organisations hold, access, and manage. In making this leap of faith, an organisation will begin to reap the lasting benefits of data classification as a strategic and necessary data security control.
PixAlert deploy world-class scalable enterprise content audit solutions which help organisations to discover where unsecured, unstructured sensitive information and inappropriate images reside on corporate networks and email correspondence. PixAlert’s Data Classification Solution helps businesses to discover sensitive information and then apply client specific classification controls which enable data to be appropriately stored, handled and secured in accordance with business value and sensitivity requirements. PixAlert’s data solutions assist to reduce risk, maintain compliance and safeguard corporate reputation through proven market leading data discovery technologies www.pixalert.com
Author: Gerard Curtin, CEO, PixAlert - March 2012