Data classification enables your organization to discover, identify, protect and analyze your data. Properly classifying information not only creates efficiencies that save time and effort but increases the safety of organizational and customer data. As you evaluate different data classification solutions, this checklist of questions will help you determine which one will work best for your organization. It is divided into two topic areas: classification capabilities and infrastructure and deployment.
1. Can I automatically classify files as soon as they are created, moved, downloaded or modified?
In addition to enabling users to classify data, the solution should monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from Web browsers or email.
2. Can I discover and classify sensitive data in network and cloud repositories?
Strengthen your data classification solution with data discovery. Choose a solution that combines data discovery with data classification, so you know what data you have, where it resides and who has access.
3. Can I force users to classify email and documents based on policy? In addition to automated classification, does the solution offer both optional and forced user-driven classification?
It should be possible to prompt the user to classify or confirm an automated classification under certain conditions (such as when attaching documents to email).
4. Can I capture additional metadata information beyond two levels of classification?
Rather than being constrained to only one or two levels of classification, future-proof your classification project with support for unlimited metadata values. This extra metadata can be used to support additional use cases such as retention management.
5. Can I enable classification and protection on mobile devices?
As more and more business is performed from smartphones and tablets, it is vital that data created, stored and sent from mobile devices is classified and protected as it would be from the desktop.
Deployment and Infrastructure
6. Do you enhance the value of my existing investments?
Rather than choosing a solution that locks you into one security ecosystem, look for one that enhances the value of your existing security investments, including DLP and encryption.
7. Can I roll this out quickly and successfully to large numbers of users?
Instead of getting bogged down in high-risk, complex projects or one-size-fits all solutions that don’t truly meet your needs, deploy a solution that can demonstrate its success in large, global enterprises.
8. Do you offer deployment options that meet my requirements, including support for on-premises and hybrid cloud environments?
Rather than being forced into a vendor’s deployment model, choose the deployment that best fits your requirements now and in the future.
9. Do you provide classification-focused support resources to ensure deployment success?
Instead of working with a vendor for whom classification is only one piece of a much larger security bundle, partner with a vendor focused on data classification who can provide expert guidance for your project success.
10. Can you provide an 18-month roadmap with committed release dates, including maintenance updates and feature updates?
A classification vendor should be comfortable sharing their roadmap so that you can provide feedback and plan for future capabilities. They should also have a track record of executing on their promises; ask for a list of previous releases.
Data is the lifeblood of any business; every effort must be taken to ensure its safety. Data classification is a significant weapon in the war on cyber crime, and it can also aid where compliance legislation regulates the protection and retention of company records. However, solutions vary in terms of what they can offer organizations. Take great care when evaluating data classification providers to make sure you are choosing the solution that covers all your bases.
About the Author
Tim Upton is the founder and CEO of TITUS and provides the overall vision for products and services around information protection best practices. Tim has run successful consulting and integration companies focused on IT Security and Infrastructure and has extensive background as a technology consultant in the security and large infrastructure spaces.