• What is Data Classification?

    What is Data Classification? It sounds like a dumb question for the owner of a data classification blog, right? But it’s not as simple as it sounds!

    There are many vendors out there who sell Data Classification software, or at least software which claims to provide Data Classification abilities. Similarly, I talk to new customers in the market for “Data Classification” or working on Data Classification projects, who, when it boils down to it are actually looking for something different all together.

    Let us start by stating that not all software providing Data Classification does the same thing… Sure it’ll all classify your data as some thing, but will it really provide you with the right tools to solve your privacy concerns or help adhere to compliance legislations?

    We must accept that lots of so-called Data Classification tools are provided through other security products, these tools provide classification of data by proxy as it is a necessity to resolve their primary objective.

    Data Discovery tools for example, provide the ability to scan repositories of information to find different types and provide insight on it. To facilitate this, it must categorise or classify the data based on content. Lots of providers will record this information within their platforms and allow reports to be generated based on the classifications and categorisations.

    Data Loss Prevention (DLP) tools will provide a similar experience. Data must be classified so the DLP system can make a decision based on its classification to permit or deny an action being performed against the data. Again, reports on this and actions attempted etc. can be generated from the platform.

    Cloud Access Security Broker (CASB), Insider Threat, Data Access Governance, even encryption platforms can all provide Data Classification in their own terms.

    I do not consider any of these to be true Data Classification!

    For me Data Classification must be user driven or at least accessible in some form. This way all data can be classified as it is created rather then through retrospective scanning of data at rest to achieve a wider objective.

    Data Classification must be persistent. All the aforementioned platforms provide classification solely on their own terms. By that I mean the classifications only matter to them… A true Data Classification platform can insert a classification tag or label which travels with the data. Onto across or inside any other system it may come into contact with. A classification tag which only exists in your DLP provider is no good if your end users are only aware of the classifications when they are being blocked!

    Data Classification must be actionable, similar to the above a data classification which is applied must be query-able by Human Being’s and systems alike. APIs make life easier, but a true Data Classification system will provide a marking or a stamp which the untrained can see at a glance and other downstream platforms can make use of. All without the need for API calls or middleware slowing processes down or getting in the way of completing day to day tasks.

    A true Data Classification platform is not replaced the systems identified above, instead it compliments them!

    To find out more about how HANDD can help you discover the best Data Classification solution for your business needs, contact the team of specialists at HANDD on 08456 434 063.

Securing the Journey of Your Data
A Free Advisory Paper

Download

Get In Touch

Please fill in the form and our staff will get in touch