Last month, I attended the Gartner Security and Risk Management Summit, where I was happy to see data classification covered in many of the Gartner and vendor-led presentations. A key change over the last few years is that classification is now being discussed as part of an overall data security strategy, rather than as a separate project suitable for only certain use cases or industries.
As data classification has become more mainstream, we’ve seen an increasing number of security and cloud vendors adding classification to their product portfolios. This is good news for those of us who believe in the importance of data classification as a foundation for data security. It now means that basic classification capabilities will be built-in for many solutions, especially those in the category of what Gartner calls “Data-Centric Audit and Protection” (DCAP).
- Industry focus: Organizations are looking for solutions and services that meet the more tailored requirements of their industry. This covers everything from truly understanding the organization’s business challenges to being able to customize the solution to the organization’s use cases and environment. When a vendor has years of experience working with customers in the same industry, they can share unique insights that lead to better project outcomes.
- Customer experience: Data classification is a highly visible and impactful technology that requires careful planning for success. Many organizations want the focused expertise of a classification vendor, including the ability to provide classification schema and policy development assistance, a detailed deployment methodology, and classification-focused support resources. This kind of assistance is more difficult to obtain when classification is just a small feature in a larger solution bundle.
- Breadth of coverage: Organizations need to identify and protect data wherever it resides – from desktop to mobile to cloud. An enterprise classification solution provides the widest coverage of possible use cases, including support for a variety of email clients, cloud repositories, and file types.
- Integration with existing solutions: As organizations move to the cloud, they are looking for solutions that are cloud-ready but will also support their current on-premise investments. Whether it’s being able to administer the solution on-premise, or integrate with on-premise versions of DLP, encryption, and other security solutions, a dedicated classification solution can provide more choice than classification built into another solution.
If you would like to read more about this topic, we recently released a document called “Top Questions to Ask Your Data Classification Vendor.” This document includes a checklist of questions to consider when evaluating classification solutions, and can help organizations determine if built-in classification solutions are “good enough,” or if they need to consider enterprise data classification solutions like TITUS. We would love to hear your feedback about this document, so feel free to leave your comments below.