As we discussed in my previous article, “Data Retention: In IT We Trust,” data retention is a necessary component of a comprehensive information lifecycle management (ILM) strategy. In this article we will turn our attention to data classification.
Data classification is the essential step towards ILM. Data classification helps organizations know what data they have, where the data is located and how they can access it (if at all). This becomes increasingly important with the uncontrollable growth in unstructured data that appears to push the infrastructure limits to new heights with every technological advance.
There are many tools – Abrevity, Arkivio, Kazeon, StoredIQ, Varonis, etc. – to help with data classification. However, these typically enforce data policies and do not create the organized classes/categories. The actual analysis and identification of the data relationships and long-term relevance has to depend on human intelligence.
Data Classification is an Organizational Need
Data classification brings clarity to business. There is no one way to accomplish that. However, a successful data classification provides several benefits:
- Quicker access to critical data because it can be treated differently
- Lower overall cost of storage by matching data and storage type more effectively
- Enhanced security by segregating and encrypting the smaller data subset
- Separate active from inactive data, reducing the strain on backups (data protection)
- Digital archives (repositories) that are business assets of value
- Opportunity for new business by presenting relevant data to analytical tools
- Data (information) lifecycle management that eliminates redundant, obsolete and trivial [“ROT”] data
Note that we have been using the words ‘data’ and ‘information’ interchangeably. Technically, information is contained in one or more pieces of data, sometimes redundantly. We could destroy a person’s mailbox but still retrieve information about specific events from others mailboxes. To destroy all information (in this example), we would have to destroy all emails referencing the specific events.
Data Classification Speaks to Customer Trust
Organizations that have control over their data also enjoy a higher degree of trust with their customers. This is one strategic reason to establish data classification. The other is balancing risk against loss, theft and compliance. ITIL Information Security Management practices emphasize that confidentiality, integrity and availability [“CIA”] of data and services must match the agreed needs of business.
Every organization must evolve its own classification scheme that lends itself to the relevant attributes. This could mean multiple tools across multiple structured and unstructured data areas: customer data, product information, employee records, databases, email, web, business inputs, application outputs, support logs, call center activity, marketing/finance/HR documents and many more.
Here are some factors to consider for a data classification effort:
- Are we keeping this simple enough for all to follow?
- Is sensitive information isolated from other kinds of information?
- Have we identified the different needs for availability and speed of access?
- How does the data classification for a piece of data change over time?
- Does this help us manage the storage and protection costs?
- Can business users easily locate, archive and retrieve their valuable [digital] assets?
- Will the change in underlying infrastructure affect how data is classified?
Data Classification is not the Function of IT Alone
The business information does not belong to IT, so close collaboration between business/application owner and IT is essential to securing the related data in terms of function, duplication, availability, ownership, sharing, confidentiality, privacy, access, control, liability and retention.
While it is up to the organization to instill throughout “a culture of data recognition for its business value,” companies achieve momentum in this unmanaged area by involving external expertise. IDS brings critical thinking and skills to such endeavors, working with business and IT to take this most important first step in unlocking the value in their data.