Data Classification: Questions to Ask Providers
With the proliferation of data sharing applications, mobile devices and remote access, the task of securing data has become too great a responsibility for the IT department to manage effectively on its own. Organizations struggle to understand what data they have and where it is. They also lack safeguards that prevent users from accidentally sharing sensitive content with external parties. Unsecured data leaves organizations open to lost intellectual property, significant fines, loss of investor trust, loss of clients and lawsuits.
This is why data classification has become a critical element of an organization’s security strategy. Data classification enables your organization to discover, identify, protect and analyze your data. Properly classifying information not only creates efficiencies that save time and effort but increases the safety of organizational and customer data.
As you evaluate different data classification solutions, this checklist of questions will help you determine which one will work best for your organization. It is divided into two topic areas: capabilities and logistics.
Use the questions to vet providers to ensure that your organization gets the solution it needs
1.Do you offer the ability to discover and classify sensitive data in network and cloud repositories?
Strengthen your data classification solution with data discovery. Choose a solution that combines data discovery with data classification, so you know what data you have, where it resides and who has access.
2.Can I automatically classify files as soon as they are created, moved, downloaded or modified?
In addition to enabling users to classify data, the solution should monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.
3.Is it possible to require users to classify email and documents based on policy?
In addition to automated classification, does the solution offer both optional and forced user-driven classification? It should be possible to prompt the user to classify or confirm an automated classification under certain conditions (such as when attaching documents to email).
4.Do you extend classification and protection to mobile devices?
As more and more business is performed from smart phones and tablets, it is vital that data created, stored and sent from mobile devices is classified and protected as it would be from the desktop.
5.Is it possible to capture additional metadata information beyond two levels of classification?
Rather than being constrained to only one or two levels of classification, future-proof your classification project with support for unlimited metadata values. This extra metadata can be used to support additional use cases such as retention management.
6.Are there deployment options that meet my requirements, including support for on-premises and hybrid cloud environments?
Don’t be forced into a vendor’s deployment model. Choose the deployment that best fits your requirements now and in the future.
7.Can this solution be rolled out quickly and successfully to large numbers of users?
Instead of getting bogged down in high-risk, complex projects or one-size-fits all solutions that don’t truly meet your needs, deploy a solution that can demonstrate its success in large, global enterprises.
8.Do you have an 18-month roadmap with committed release dates, including maintenance updates and feature updates?
A classification vendor should be comfortable sharing their roadmap so that you can provide feedback and plan for future capabilities. They should also have a track record of executing on their promises; ask for a list of previous releases.
9.Will the value of my existing investments be enhanced?
Rather than choosing a solution that locks you into one security ecosystem, look for one that enhances the value of your existing security investments, including DLP and encryption.
10.Will I have access to classification-focused support resources to ensure deployment success?
Rather than working with a vendor for whom classification is only one piece of a much larger security bundle, partner with a vendor focused on data classification who can provide expert guidance for your project success.
Data is an organization’s greatest asset, from intellectual property to employee records to customer payment information and more. The disastrous fallout from major name-brand breaches urges organizations to use every means necessary to keep data secure. Data classification is one of those means, and as an added bonus, it can help with regulatory compliance as well. Use the questions above to vet providers to ensure that your organization gets the solution it needs.