How to roll out a Data Classification programme

With a growing focus on the need for businesses to understand their data and protect it, the next step is to implement a data classification programme. But where do you start, and how should you get buy in from your staff?

Our data classification specialists have developed a six-step programme to help you achieve data classification success.

1. Classification audit

Review and analyse the current data protection policies and measures you have in place.

  • What solutions are you using?
  • What is driving your need for data classification?
  • How much legacy data do you need to classify?

2. Technical discovery and policy Configuration

Understand the environment and identify the risks involved. Consider:

  • Company culture
  • Policy documentation
  • Solutions on the market

Consider, how your classification policies should be enforced within the selected toolset and the technical and cultural impacts of these on your business. Consider how your classification toolset will be configured:

  • What labels will you use?
  • What type of data classification will you use?
  • How will you integrate your legacy data?

Many companies bring in specialist advice at this early stage to use their experience of large scale data classification roll outs to make the whole process as seamless as possible and avoid any unpleasant surprises later on in the process.

3. Technical and Business Pilot

Thorough testing is essential when rolling out a new solution. This will help you ensure the platform has been designed, installed and configured correctly and works seamlessly with your downstream and upstream platforms.

4. Communications and awareness

How will you foster a culture of security awareness amongst your users? Develop plans to communicate the benefits of the process with your staff. Consider cultural and geographical implications and establish user documentation and support for the roll out process.

5. Training and education

Identifying the training needs and a training plan for user groups at each paygrade will help you achieve buy-in across the company.

6. Solution deployment

A phased roll out will help to make the process more manageable. Consider conducting a review at the end of each phase to identify what’s worked, what hasn’t, and any opportunities for improvement.

  • What labels will you use?
  • What type of data classification will you use?
  • How will you integrate your legacy data?

Data Classification as an ongoing process

Data Classification roll out is an ongoing process. By monitoring your data and identifying risk opportunities you can close gaps in your data protection. Listening to staff will give you a view on the impact the policy is having on their daily lives. Your policy should evolve with time to reflect the feedback and other changes in your business.

Specialist support when you need it

If you need advice on implementing a data classification policy, it’s worth consulting with an independent specialist. Working with more than 500 clients in 25 different countries looking after data classification projects for 45% of the FTSE 100, HANDD’s team of experts are perfectly placed to advise you in:

  • Data Classification audit
  • Policy review
  • Policy design
  • Data Classification audit
  • Implementation
  • Communications across your company
  • Training and education of your users and administrators.

And, as independent consultants, you can be confident that they’ll help you find the right Data Classification solution for you.

Deployments

We secure the entire journey of your data, from consultancy and technical design, right through to installation, training and support.

Challenge: Controlling data with vast user access

With over 4000 end users, an Insurance industry client came to HANDD for help. They needed to ensure policy details couldn’t be sent to unauthorised external parties by email. Using data classification, we identified and classified new documents containing policy numbers. Then we integrated the classification platform with the client’s Symantec DLP solution, enabling DLP to work more efficiently to ensure sensitive content only travels to cleared recipients.

Challenge: Managing compliance with large volumes of legacy data

With billions of records to sift through and strict compliance mandates, a global bank needed to get control over their legacy data. First, using a discovery tool HANDD helped them identify their sensitive data and discover where it was stored. Then, we labelled their data using Data Classification. This enabled them to apply protective measures efficiently to their most sensitive files for the first time.

Challenge: Ad-hoc application of protective measures

Staff typing SECURE into email subject lines to trigger downstream protection of sensitive data left plenty of scope for error. At this leading financial services organisation classification was inconsistent and ad-hoc. Security of delivery was unreliable. They contacted HANDD for help improving their classification processes. We implemented a Data Classification solution that would automatically classify emails. Integrating with a message gateway it prevents data falling into the wrong hands.

Challenge: Controlling data with vast user access

With over 4000 end users, an Insurance industry client came to HANDD for help. They needed to ensure policy details couldn’t be sent to unauthorised external parties by email. Using data classification, we identified and classified new documents containing policy numbers. Then we integrated the classification platform with the client’s Symantec DLP solution, enabling DLP to work more efficiently to ensure sensitive content only travels to cleared recipients.

With billions of records to sift through and strict compliance mandates, a global bank needed to get control over their legacy data. First, using a discovery tool HANDD helped them identify their sensitive data and discover where it was stored. Then, we labelled their data using Data Classification. This enabled them to apply protective measures efficiently to their most sensitive files for the first time.

Staff typing SECURE into email subject lines to trigger downstream protection of sensitive data left plenty of scope for error. At this leading financial services organisation classification was inconsistent and ad-hoc. Security of delivery was unreliable. They contacted HANDD for help improving their classification processes. We implemented a Data Classification solution that would automatically classify emails. Integrating with a message gateway it prevents data falling into the wrong hands.

Securing the Journey of Your Data
A Free Advisory Paper

Download

Get In Touch

Please fill in the form and our staff will get in touch