Discover and Classify Your Data
Provide your data with the protection it deserves.
- Huge volumes of all different types of data make data discovery a daunting task. With such backlogs of information, it can be difficult to figure out where to start classification.
- End users are one of the weakest links in data security. Ensuring their ability to accurately classify and handle sensitive information requires significant awareness and training.
Our Advice
Critical Insight
Data classification is a huge undertaking, and the process is never really finished, as new data is created daily. However, the stress can be managed by following these tips:
- Avoid analysis paralysis
Classifying all your data at once may not be feasible. Start small, quantify your results, report them to management, and then go back and tackle a larger portion. For many, it may be best to focus on classifying new data as it’s created. Once the process is smoothed out, then move on to classifying legacy data. - Remember that data is dynamic
Data, by its nature, does not stay static. A piece of data’s criticality will peak, but strategic reassessment will eliminate under/overprotection of data. Data classification must be a program, not a project. - Classify what matters
Focus the program on data whose classification is measurable, auditable, and manageable.
Impact and Result
This blueprint will help you to understand where your data lives and who has access to it so that you can develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly.
- Formalize the data classification initiative with the proper policies and handling standards, as well as a structured steering committee to ensure accountability and consistency.
- Understand where your data lives and what controls are implemented to protect it. Make sure the protection is proportional to the sensitivity and criticality of the assets.
- Understand what tools are available to implement an efficient data classification program – whether provided by a third party or done in-house. Know how and when to revisit classifications to keep them up to date.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.4/10
Overall Impact
$151,157
Average $ Saved
38
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Black & McDonald Limited
Guided Implementation
8/10
$10,000
6
Good high level overview of approach/offering. Difficult to estimate any savings at this point.
County of Stafford
Workshop
9/10
$100K
110
The RACI tool efforts were very time-consuming but necessary. Otherwise, it was a great experience.
City of Winter Park
Guided Implementation
9/10
N/A
5
Safayat is very knowledgeable. He seems to have a complete grasp of the subject matter. It was very easy to interact with him.
Flight Centre Australia
Guided Implementation
9/10
$13,700
10
Excellent engagement, validation our approach and gave us strong steer with regard to next steps, no bad aspects of the engagement
Goodwill Industries of Middle Tennessee, Inc.
Guided Implementation
10/10
$13,700
10
Mainstreet
Guided Implementation
10/10
$10,000
50
Safayat and Greg are patient and take the time to understand our requirements.
Kentucky Cabinet for Health and Family Services
Workshop
10/10
N/A
50
The ITRG team worked diligently with us before the workshop to better understand our priorities, and Erik did a great job tailoring the workshop co... Read More
PA Public Utility Commission
Workshop
10/10
$1.37M
120
As a regulatory agency, there are significant fines and consequences such as prison that result from improperly dealing with CSI (Confidential Secu... Read More
Community Living Toronto
Guided Implementation
10/10
$10,000
32
safayet was amazing and very thorough. please keep up the great work.
City of Santa Fe
Workshop
10/10
$68,500
50
The facilitation was great, and the material aligned to what we needed to meet the City's objectives.
United Nations International Computing Centre
Guided Implementation
10/10
N/A
N/A
Professionalism, flexibility and availability of the expert.
Commonwealth of Virginia - Office of the Attorney General
Guided Implementation
10/10
$2,603
20
Alan was very helpful and accommodating to our needs.
Ministry of Industry, Innovation, Science and Technology
Guided Implementation
8/10
$61,706
50
Central Bank of Barbados
Guided Implementation
10/10
N/A
N/A
Anu has a cheerful disposition paired with knowledge and experience. Thanks to her, we were able to advance our data discovery efforts for nine (9... Read More
Noble Research Institute, LLC
Guided Implementation
8/10
$2,519
5
Goodwill Industries of South Florida
Guided Implementation
10/10
N/A
10
Central Bank of Barbados
Workshop
9/10
$47,500
50
The best part was that Reddy’s expertise in this area was excellence guidance for us. He was able to not only describe the best practice approach t... Read More
Lawyers’ Professional Indemnity Company
Workshop
9/10
$16,000
90
Best part is in just 4 days we were able to achieve months worth of work.
Sterilite Corporation
Workshop
9/10
$31,499
50
Interdigital Communications
Guided Implementation
9/10
$27,719
10
City Of Issaquah
Guided Implementation
10/10
$29,609
120
Logan has been a great mentor! always on time and ready to help!
Forrester Construction
Guided Implementation
10/10
$5,039
3
Best part was that Alan was very knowledgeable and accommodating throughout the experience. He provided additional internal and external resources... Read More
American Transmission Company
Guided Implementation
10/10
N/A
N/A
This project wasn't about saving time or money, but was about defining a framework to consistently assess cyber threats and appropriate system secu... Read More
Deltec Bank & Trust Limited
Workshop
9/10
$69,299
120
The entire workshop experience was awesome. Reddy, years of experience were needed and appreciated to get through this workshop.
Kleinfelder Group
Workshop
10/10
$30,999
10
I don't have any negative feedback to provide. Cassandra was very supportive and accommodating in helping us move our data security program forwar... Read More
American National Insurance Company Inc
Guided Implementation
9/10
N/A
N/A
The advice given confirms the approach we are taking and is valuable in that respect.
Children's Hospital Colorado
Guided Implementation
10/10
N/A
20
Aaron provided great info in response to my explanation of our needs. He was very focused on exploring the items that were most likely to help me.... Read More
Pact Group PTY Ltd
Guided Implementation
9/10
$19,064
5
The walk through of the research was good. We are in initial stages of a project and so it is to hard to determine the financial savings just yet
Blackbaud
Guided Implementation
9/10
$2,479
20
Best : Working documents seemed comprehensive and tied to ultimate data classification policy; I could see our organization adopting these document... Read More
Performance Trust Capital Partners
Guided Implementation
9/10
$6,199
3
Logan was very helpful and I enjoyed hearing about what other companies were doing when facing similar challenges. This adds significant value over... Read More
Workshop: Discover and Classify Your Data
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Formalize the classification program
The Purpose
- A simple data classification scheme with formal documentation
Key Benefits Achieved
- Increased insight into appropriate data
handling, storage, and transmission
Activities
Outputs
Understand the benefits of data classification.
Discuss legal, contractual, and regulatory obligations.
Develop a data classification steering committee.
- Data Classification Steering Committee Charter
Determine the data classification scheme.
Develop the data classification policy.
- Data Classification Policy
- User Data Handling Requirements Tool
Develop the data classification standard.
- Data Classification Standard
Define the data classification RACI.
- Data Classification RACI Tool
Module 2: Discover the data
The Purpose
- A plan to perform in-depth data discovery and a prioritization of classification
Key Benefits Achieved
- Increased understanding of the importance of data discovery
and classification
- Managing the challenges associated with each
Activities
Outputs
Discuss the benefits and challenges of data discovery.
Discuss the technology options for discovery and classification.
Discuss the human-based approach to data discovery.
Determine the appropriate discovery interview questions.
- Data Discovery Interview Tracking Tool
Conduct data discovery interviews (approximately two interviews).
- Approximately two completed interviews
Module 3: Classify the data
The Purpose
- An organized
classification inventory and insight into the location and level of protection
needed for your data
Key Benefits Achieved
- A system to classify data and track its lifecycle
Activities
Outputs
Continue conducting interviews (approximately two interviews) and aggregate preliminary results.
- Approximately two completed interviews
Classify the preliminary findings uncovered from interviews.
- Data Classification Verification Tool
Understand the results of the Data Classification Inventory Tool
- Data Classification Inventory Tool
Discuss next steps for optimizing the process
Module 4: Plan to implement the program
The Purpose
- Assist with getting the program started for the organization
Key Benefits Achieved
- Establishment of a data classification initiative
Activities
Outputs
Identify data metrics to track and report.
- Data Classification Metrics Tool
Develop awareness and training material.
- Data classification awareness and training material
Discuss next steps for continuing the data classification initiative.
Debrief.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Formalize the classification program
- Call 1: Establish the data classification steering committee.
- Call 2: Formalize data classification documentation.
Guided Implementation 2: Discover the data
- Call 1: Plan for data discovery.
- Call 2: Implement data discovery.
Guided Implementation 3: Classify the data
- Call 1: Classify the data.
- Call 2: Maintain and optimize the program.
Contributors
- Charles Tatosi Chavapi – Information Security Manager, Debswana Mining Industry
- Ken Dewitt – IT Director, Navajo County
- Jim Finlayson – IT Director, City of Grand Junction
- Lian Guan – Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
- Diane Kelly – Information Security Manager, Colorado Judicial ITS
- Leon Letto – Senior Technical Sales Engineer, AirWatch
- Jim McGann – VP, Marketing and Business Development, Index Engines, Inc.
- William Mendez – Information System Security Officer, City of Miami
- Ian Parker – Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
- Claudiu Popa – President & CEO, Informatica Corporation
- Doug Waram – Director of IT, County of Wellington
- Chris Whiting – Solutions Architect, APA Group
- Three anonymous contributors
Privacy by Design for Digital Marketing
Build a Data Privacy Program
Mature Your Privacy Operations
Discover and Classify Your Data
Fast Track Your GDPR Compliance Efforts
Secure Your High-Risk Data
Ensure Your Pandemic Response Plan Is Privacy-Proof
Comply With the California Consumer Privacy Act
Build an Effective Data Retention Program
Demonstrate Data Protection by Design for IT Systems
Tech Trend Update: If Digital Ethics Then Data Equity
Conduct an AI Privacy Risk Assessment
Prepare for PCI DSS v4.0
Comply With the California Privacy Rights Act
Comply With 2023 US Privacy Laws (Virginia, Connecticut, Utah, Colorado)