For better data protection, improve classification


As the amount of information companies have in storage continues to increase at a rapid rate, maintaining control of security and data protection needs can become a complicated task. Many organizations feel compelled to delineate a large number of security classifications, which can make storage management and security excessively complicated. To simplify the data storage space, companies can work with IT consulting services to develop a custom classification plan suited to their needs.


Data classification is essential for security, privacy and legal needs, but it remains poorly implemented at many companies, InfoWorld’s Brian Katz noted in a recent column. He explained that many businesses become so caught up in the process of setting out different classification criteria that they are often outpaced by employee technology adoption. When companies fail to offer clearly defined data classification standards or spend too long developing policies, employees will turn to consumer-grade cloud computing solutions out of the need for collaboration and storage services. Rather than allow employees to potentially expose data in this way, companies should implement basic data classification and storage management policies as soon as possible.


“If companies spend too long trying to get everything perfect, it will be too late,” Katz wrote. “Their employees will find a way around them, so they can use the data they need, when and where they need it, to get their job done. The only way to enable your employees responsibly and move forward is to take one step at a time.”


Developing a plan that works

Organizations need to approach data classification as a comprehensive, collaborative project, according to experts cited in a recent Dark Reading article. Rather than placing the responsibility for data protection solely in the hands of IT teams, companies need to involve the data owners and solicit the input of security experts to develop a model that is based on specific business needs. One common mistake that can impede the success of data classification is assuming that the organization needs to meet some predetermined protocol of different classification types.


While it is possible to divide data into dozens of separate categories, most businesses can get by with simply separating data according to sensitivity levels, according to both Katz and Dark Reading. This classification is important because the way data is segmented will directly affect the cost of enterprise storage.


“There is a significant cost to segmenting data based on classification,” one information security executive told Dark Reading. “That very sensitive information can only be viewed by a select number, [and] this information needs to be moved to a new server, with the appropriate access controls, [which will] increase hardware, software, licensing, and administration costs significantly.”


To determine a data classification plan and align it with storage needs, companies should conduct regular analyses of their information ecosystems, others told Dark Reading. One way to do this is by working with a managed IT services firm to develop a storage plan that properly segments data based on security and access needs. By adopting a partnership to determine data sensitivity and plan out storage requirements, businesses can free up their most secure, expensive storage arrays while simplifying their data ecosystem.