A business can have hundreds of different data types and sources. To keep your business healthy, it’s important to understand the different types of data held, based on everything from levels of sensitivity to its author, time of creation, file format and the business processes it supports. The only way to achieve that is by classifying your data and embedding the necessary information directly into it, writing metadata into the digital records that need to be kept secure.
Solution Architects at bluesource work with many organisations to help develop bespoke solutions for data management. Over the years bluesource has documented the following best practice for consideration when developing a data classification system:
- Obtain support from management and employees using the system
- Carry out an information audit to gain an accurate view of the nature of the data, including dominant themes, semantics or the sensitivity of the information. The results of an audit then need to be placed in context with the existing metadata, as well as the details of where and how the information has been stored
- Businesses should continually review their data to keep it in the correct storage tier, moving it from expensive high-performance storage to cheaper offline storage archiving over time
Best Practice with Tagging and Classifying Sensitive Data
It is essential to understand where the data in any business or organisation resides, whether it is in the cloud or on-premise, and what solutions have been put in place to protect that data. It is important to put in place cyber security and governance policies to determine if they are relevant and appropriate for the cloud environment of a hybrid of on-premise and cloud.
It is also important to understand where the business’s data resides currently (that is, whether on-prem or in the cloud) and what solutions are in place to protect it.
Data should be tagged by ownership, purpose, audience and sensitivity level, with its classification being determined by the following criteria:
- Where should the data live?
- Which users should have access to the data?
- Is it a record that contains sensitive data?
- Does the data have a high business impact?
Data that is sensitive which needs to be secured includes data that is regulated e.g. export-controlled data, personally identifiable information (PII) or classified data such as intellectual property. Examples of sensitive data that is critical to secure include bank account numbers, passport numbers and other identifiable numbers such as national insurance numbers.
To find out more about data classification, discovery and tagging and how it can help your business or organisation, download a copy of our FREE eGuide “Business benefits from effective data classification, tagging and discovery”.
|Download our FREE eGuide Now|