A recent report entitled “Information Strategy 2017”, published by the Information Coalition finds that information security remains a top priority for over 90 percent of organizations. Given that the number of data breach activity continues to rise, these finds are not very surprising.

What is surprising, however, is many organizations continue to increase their spend on security-related software without putting in the additional work of better information architecture. This can prove extremely problematic down the road. When we are unaware of where our riskiest information resides, we aren’t able to effectively secure it. So, while it’s wonderful to see organizations prioritize information security initiatives, taking the appropriate steps in organizing and classifying data should be a close second.

A data classification endeavor doesn’t have to be complicated. So, it’s best to keep it simple. Quocirca’s Clive Longbottom, a technology industry analyst, suggests the following key steps in conducting a successful data classification project.

  • Understand the business – including any legal, regulatory requirements
  • Identify all business units where classification might be relevant
  • Create a matrix of all information assets and the rules that apply to each
  • Define primary, secondary, tertiary storage needs for each asset
  • Define the rules and different classification names that apply to each asset
  • Select a technology that will enable the rules and policy to be applied consistently throughout the entire organization

We look forward to monitoring how organizations are using data classification to ensure the ongoing effectiveness of information security efforts.