Custom Vendor Landscape
Data Discovery and Classification Software
Prepared for: [Client Name Redacted]
Understanding the Selection Initiative
Objective
[Redacted] is looking to get an idea of what fits their team with respect to the overarching ‘Data Classification and Sensitive Data Discovery’ (DCSDD) COTS software landscape. Automation as a key use case is important as they want to streamline their process for how they do DCSDD internally as their current application environment is more “manual” in scope and less automatized.
Currently looking at MS Purview as [Sanitized] is a big Microsoft shop and at present, have a comprehensive global agreement with them. An end user acceptance/pilot testing phase has been greenlit for MS Purview; however, the investigation has so far not been as comprehensive due to timing restrictions across the team. Potential points of integration for sensitive data classification across various business apps in [Redacted]’s tech stack include “Service Now”, CRM solutions, [Redacted] developed tools, data residing within Workday for core ERP (business department(s) as [Redacted] would want to classify as a lot of client related data resides in Workday ERP), etc.
120 (+) practice offices with local file servers that have data accumulating for 20-40(+) years. Currently in the state of transitioning data from LFS to the Azure file share service. AI-enabled predictive forecasting engine to notify end users of any schema changes (e.g., anomalous/unwanted changes made to existing databases), prevent end users going against any business rules, etc.
Vendor Selection Criteria
In evaluating the marketspace for Data Discovery and Classification Software, Info-Tech’s analysts looked at the following vendor attributes:
- Breadth and depth of capabilities for Data Discovery and Classification Software
- Vendor footprint (vendor market presence, vendor share of mind, vendor stability and long-term viability)
- Focus on vertical-specific capabilities
- Customization potential and ease-of-use
- Affordability transparency
Selection Rigor Matters.
Enterprise software is a key driver of digital transformation - having a strong approach to vendor selection is essential. Info-Tech’s research shows that 70% of application selections fail because of poorly defined requirements and inadequate vendor validation.
Defining Data Discovery and Classification Software
Market Definition
Data Discovery and Classification software are tools utilized to help employees enable secure use of and pinpoint the location of sensitive data by employees. Moreover, data discovery and classification software can be utilized to help automate the discovery and identification of sensitive data file types, and receive detailed reports on the type, location, and volume of personal data stored access data stores such as Windows file servers and Microsoft SQL servers.
In addition, there is also the ability to define comprehensive data discovery rules to help corporations develop organization-specific policies to help accelerate the process of cataloging sensitive business data.
Moreover, as an additional feature area of interest, it is expected that data discovery tools and classification software can help display the appropriate educational prompts when actions violating specific data usage policies are detected.
Key Trends
Data is the foundation of any business. If any sensitive data becomes breached, or if a company were to lose access to that data, or if the data somehow becomes compromised, it can significantly damage the corporation in terms of overall brand reputation, financial performance, and customer loss.
According to research conducted by IBM, the average cost of a data breach rose from 3.86 million (USD) to 4.24 million (USD) in 2021. Compromised credentials was the leading cause of breaches, responsible for 20 percent of all breaches at an average cost of 4.37 million (USD).
Source: IBM – Cost of a Data Breach Report - 2022
Data Classification remains an integral and fundamental part of data security. Statistics show that nearly 62% of U.S. firms suffered a data breach last year and over 80% contained a human element, including incidents where employees compromised confidential records.
Source: A Triple Threat Across the Americas, 2022 KPMG Fraud Outlook
Top Level Features for Data Discovery and Classification Software
|
Feature Name |
Description |
|---|---|
|
Automated Risk Mediation |
Data Discovery and Classification software should be able to protect sensitive files by automatically moving them to a secure area, removing permissions from global access groups, and redacting any confidential content from documents. |
|
Enhanced Compliance Practices |
Classifying data helps businesses better enforce data privacy policies and meet both legal and regulatory data privacy requirements. |
|
Flexible Classification of File Type Data |
Option to classify and segment all the data irrespective of the file type it is saved as. Important if your organization want to enhance its data protection and ensure data privacy compliance. |
|
Open SDK Environment |
Data Discovery and Classification software should provide options to interoperate with various data connections to enable more comprehensive access across the entirety of your data ecosystem. |
|
Alignment with key Industry Regulatory Standards |
There should be compliance and adherence to common industry regulatory standards (e.g., GDPR, CCPA, HIPAA, PCI DSS, ISO, etc). |
|
Reports Generation |
Data Discovery and Classification software should provide ease of portability with the reports and make them more interactive for the end user. |
Key Players
Info-Tech identified 5 platforms applicable to the use case. The platforms are listed in alphabetical order.
