Enterprise Data Classification: Why you need best-of-breed data classification
The data protection landscape and its associated compliance environment changed fundamentally with the implementation of the European-wide GDPR in May 2018, with many other privacy regulations following suit around the globe. It is no longer about what organizations think they need to be doing in order to control their data, but that they are being told what they need to do by regulators such as the ICO. Since the implementation of such data protection regulations, record fines have been issued, and these serve as a clear statement across the board that organizations simply cannot afford to ignore or fail in their data protection compliance obligations.
The main (but not the only) reason that organizations look at classifying the data they create and handle is to ensure that sensitive information can be controlled. A big part of designing a classification policy is understanding what data is sensitive, what is less so, and what is not. Who should have access to this information, and whether you should be holding that information, archiving or deleting it.
Organizations have myriads of relationships with external supplies, partners and vendors. When designing a classification policy, other aspects need to be taken into account, such as the way we communicate with external organizations. Just as organizations thrive from inter-dependent relationships, so should their data security tools. Classification has the ability to make so many other tools much more effective, whether that is DLP, discovery, RMS and many other applications that are considered important in the fight to keep data secure. Just as there is no “one-size-fits-all”, there is also no “one-stop-shop” – no single solution or magic bullet. Instead, what is important is how the best-of-breed tools can work together to create a seamless and highly effective solution.
There are vendors today offering “one-size-fits-all” security solutions (such as Microsoft) which as a result, only support very basic classification (or labeling) functionality. This is a weak foundation for such a fundamental security component, and this approach causes more pain downstream as your business grows and evolves, and more granular classification requirements emerge.
The challenge for organizations today is to successfully negotiate complexity with a classification policy that works, and a tool that is incredibly flexible and configurable, but still easy to use. A best-of-breed classification tool should not be complex to work with, it should in fact, hide complexity. It should fit seamlessly into how end users work on a day-to-day basis. The bottom line is that complexity will not go away, and if you are having to design a classification policy around the limitations of a classification tool, then frankly, you are using the wrong tool.
Whether it is roadmap flexibility, technology integration and interoperability or support for applications and file types, your classification vendor choice must support the needs of your organization not just now, but well into the future.