Rethinking Data Discovery and Data Classification Strategies (2018)
by Heidi Shey with Stephanie Balaouras , Elsa Pikulik , Sam Bartlett , Forrester Research Inc.
Defining data via data discovery and classification is an often overlooked, but critical, component of data security and privacy. Security and risk professionals can’t expect to adequately protect data if they don’t have knowledge about what data exists, where it resides, how valuable it is to the firm, and who can use it.
In this recently released report, Forrester Research help security and risk professionals rethink the approach to discovery and classification. With the right approach, organizations can craft policies and deploy the right mix of controls that will protect customer data and the firm’s intellectual property.
Key takeaways include:
- Classification enables the creation of attributes for data identity, which helps determine how to handle and secure data
- Classify new data first and address legacy data later
- Determine Data Classification approach by either sensitivity / value or how you need to protect it
- Dynamic data classification currently requires the integration of both manual processes involving employees as well as tools for automation and enforcement