Data classification is an important way for organizations to determine and assign relative values to the data they possess. By separating data into categories based on sensitivity (high, medium or low, for example), an organization can set protections and procedures for managing that data accordingly. This process can yield significant benefits, such as compliance efficiencies, improved resource management, and facilitation of migration to the cloud.
For many years, large government and military entities have used data classification to help maintain the integrity of their data. Business organizations have also been investing and have come to realize the benefits of data classification.
Today, many larger businesses have an active data classification methodology, which is good news. On the other hand, many small to midsized businesses (SMBs) are less mature when it comes to data classification. According to aggregated data from Microsoft’s Cloud Security Readiness Tool, 43 percent of SMBs aren’t using well-defined data classification methodologies and may be improperly classifying personally identifiable information (PII).
To help business leaders understand the importance of data classification, Microsoft Trustworthy Computing has just released two new papers outlining the process and its benefits.
• “Data Classification for Cloud Readiness” outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also considers technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix also identifies some of the top data classification regulations and compliance requirements that are currently relevant.
• “CISO Perspectives on Data Classification” provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, as well as how they have implemented data classification.
The CISO participants interviewed by Microsoft include:
o Pierre Noel, Chief Security Officer & Advisor – Asia, for Microsoft
o John Meakin, Chief Information Security Officer for the Royal Bank of Scotland (RBS)
o Timothy Youngblood, Chief Information Security Officer for Dell Corporation
Data classification efforts vary in size and focus with every organization, and these two papers help to provide a starting point. In particular, organizations that are assessing or currently using cloud computing services can benefit from optimizing their data management by implementing data classification.
Both papers can be downloaded from www.microsoft.com/trustedcloud, where you will also find a variety of additional cloud security resources, including the CSRT – a survey-based tool based on the Cloud Security Alliance’s Cloud Controls Matrix. The CSRT helps organizations assess their current IT state and whether cloud adoption will meet their business needs.