Discover and Classify Your Data

Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Huge volumes of all different types of data make data discovery a daunting task. With such backlogs of information, it can be difficult to figure out where to start classification.
End users are one of the weakest links in data security. Ensuring their ability to accurately classify and handle sensitive information requires significant awareness and training.

Our Advice

Critical Insight

Data classification is a huge undertaking, and the process is never really finished, as new data is created daily. However, the stress can be managed by following these tips:

Avoid analysis paralysis
Classifying all your data at once may not be feasible. Start small, quantify your results, report them to management, and then go back and tackle a larger portion. For many, it may be best to focus on classifying new data as it’s created. Once the process is smoothed out, then move on to classifying legacy data.
Remember that data is dynamic
Data, by its nature, does not stay static. A piece of data’s criticality will peak, but strategic reassessment will eliminate under/overprotection of data. Data classification must be a program, not a project.
Classify what matters
Focus the program on data whose classification is measurable, auditable, and manageable.

Impact and Result

This blueprint will help you to understand where your data lives and who has access to it so that you can develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly.

Formalize the data classification initiative with the proper policies and handling standards, as well as a structured steering committee to ensure accountability and consistency.
Understand where your data lives and what controls are implemented to protect it. Make sure the protection is proportional to the sensitivity and criticality of the assets.
Understand what tools are available to implement an efficient data classification program – whether provided by a third party or done in-house. Know how and when to revisit classifications to keep them up to date.

Discover and Classify Your Data Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should classify your data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Discover and Classify Your Data – Executive Brief

1. Formalize the classification program

Begin by understanding the importance of data classification and how to develop a classification program.

2. Discover the data

Understand the importance of data discovery and how to incorporate human- and technology-based tools to simplify the discovery process.

3. Classify the data

Implement the classification program in order to make sure it has the appropriate level of protection.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.2/10

Overall Impact

$20,287

Average $ Saved

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Central Bank of Barbados

Guided Implementation

10/10

N/A

Anu has a cheerful disposition paired with knowledge and experience. Thanks to her, we were able to advance our data discovery efforts for nine (9) of our business areas. Through our various analyst calls we were able to increase the understanding of va...

Noble Research Institute, LLC

Guided Implementation

8/10

$2,519

Goodwill Industries of South Florida

Guided Implementation

10/10

N/A

Central Bank of Barbados

Workshop

9/10

$47,500

The best part was that Reddy’s expertise in this area was excellence guidance for us. He was able to not only describe the best practice approach to Data Classification but how it relates to the nuances of our Central Bank, our own data discovery and cla...

Lawyers’ Professional Indemnity Company

Workshop

9/10

$16,000

Best part is in just 4 days we were able to achieve months worth of work.

Sterilite Corporation

Workshop

9/10

$31,499

Interdigital Communications

Guided Implementation

9/10

$27,719

City Of Issaquah

Guided Implementation

10/10

$29,609

120

Logan has been a great mentor! always on time and ready to help!

Forrester Construction

Guided Implementation

10/10

$5,039

Best part was that Alan was very knowledgeable and accommodating throughout the experience. He provided additional internal and external resources that were valuable to assist with completing the project. Also, having the blueprint and personal guidance...

American Transmission Company

Guided Implementation

10/10

N/A

This project wasn't about saving time or money, but was about defining a framework to consistently assess cyber threats and appropriate system security protection packages to mitigate threats. Logan was very helpful to provide insights and perspectives ...

Deltec Bank & Trust Limited

Workshop

9/10

$69,299

120

The entire workshop experience was awesome. Reddy, years of experience were needed and appreciated to get through this workshop.

Kleinfelder Group

Workshop

10/10

$30,999

I don't have any negative feedback to provide. Cassandra was very supportive and accommodating in helping us move our data security program forward with this critical first step in defining a policy and user handling standard.

American National Insurance Company Inc

Guided Implementation

9/10

N/A

The advice given confirms the approach we are taking and is valuable in that respect.

Children's Hospital Colorado

Guided Implementation

10/10

N/A

Aaron provided great info in response to my explanation of our needs. He was very focused on exploring the items that were most likely to help me. It was a great experience speaking with him.

Pact Group PTY Ltd

Guided Implementation

9/10

$19,064

The walk through of the research was good. We are in initial stages of a project and so it is to hard to determine the financial savings just yet

Blackbaud

Guided Implementation

9/10

$2,479

Best : Working documents seemed comprehensive and tied to ultimate data classification policy; I could see our organization adopting these documents (ex: data inventory) with a few customizations. Worst: As suspected, there is no easy answer for data...

Performance Trust Capital Partners

Guided Implementation

9/10

$6,199

Logan was very helpful and I enjoyed hearing about what other companies were doing when facing similar challenges. This adds significant value over us just reading through the documents.

Maxion Wheels

Guided Implementation

10/10

N/A

HEART Trust/NTA

Workshop

10/10

$30,999

Best Parts: Interviews with business units Experiencing the structured approach to executing the initiative via the blueprint and templates Worst Time was too short Coming to the end of the Energetic collaboration

Rushmore Loan Management Services LLC

Guided Implementation

10/10

$12,399

110

Michelle is amazing. This was a great engagement. Not only was she very flexible to our needs, but the sessions were all efficient and on point. Would love to work with Michelle again

Hope Global

Guided Implementation

10/10

$13,873

Hope Global

Guided Implementation

10/10

$31,405

Fleet Feet Sports

Guided Implementation

10/10

N/A

Dataprise Inc.

Guided Implementation

9/10

$31,405

General Dynamics Mission Systems, Inc

Guided Implementation

9/10

N/A

Energy+ Inc.

Guided Implementation

7/10

$50,000

We were only getting started on this, but our contract with InfoTech came to an end due to budgetary considerations so we had to stop this effort.

Massimo Zanetti Beverage USA

Guided Implementation

7/10

$12,733

Office of Information Services for Oregon Health Authority (OHA) & Department of Human Services (DHS)

Guided Implementation

9/10

$63,667

Platte River Power Authority

Workshop

10/10

$2,479

105

The best part is walking out of the the week with a completed Standard and RACI. The next best thing is that by having had some data creators and data champions in the room during the week will facilitate adoption of the classification standard and the c...

American Systems Corporation

Workshop

3/10

N/A

Load More Testimonials

Workshop: Discover and Classify Your Data

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Formalize the Classification Program

The Purpose

A simple data classification scheme with formal documentation

Key Benefits Achieved

Increased insight into appropriate data handling, storage, and transmission

Activities

Outputs

1.1

Understand the benefits of data classification

1.2

Discuss legal, contractual, and regulatory obligations

1.3

Develop a Data Classification Steering Committee

Data Classification Steering Committee Charter

1.4

Determine the data classification scheme

1.5

Develop the Data Classification Policy

Data Classification Policy

1.6

Develop the Data Classification Standard

Data Classification Standard

1.7

Define the Data Classification RACI

Data Classification RACI

Module 2: Discover the Data

The Purpose

A plan to perform in-depth data discovery and a prioritization of classification

Key Benefits Achieved

Increased understanding of the importance of data discovery and classification
Managing the challenges associated with each

Activities

Outputs

2.1

Discuss the benefits and challenges of data discovery

2.2

Discuss the technology options for discovery and classification

2.3

Discuss the human-based approach to data discovery

2.4

Determine the appropriate discovery interview questions

Data Discovery Interview Tracking Tool

2.5

Conduct data discovery interviews (approximately two interviews)

Approximately two completed interviews

Module 3: Classify the Data

The Purpose

An organized classification inventory and insight into the location and level of protection needed for your data

Key Benefits Achieved

A system to classify data and track its lifecycle

Activities

Outputs

3.1

Continue conducting interviews (approximately two interviews) and aggregate preliminary results

Approximately two completed interviews

3.2

Classify the preliminary findings uncovered from interviews

3.3

Understand the results of the inventory tool

Data Classification Inventory Tool

3.4

Discuss next steps for optimizing the process

Module 4: Plan to Implement the Program

The Purpose

Assist with getting the program started for the organization

Key Benefits Achieved

Establishment of a data classification initiative

Activities

Outputs

4.1

Identify data metrics to track and report

Data Classification Metrics Tool

4.2

Develop awareness and training material

Data Classification Awareness and Training Material

4.3

Discuss next steps for continuing the data classification initiative

4.4

Debrief

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Formalize the classification program

Call 1: Establish the data classification steering committee.
Call 2: Formalize data classification documentation.

Guided Implementation 2: Discover the data

Call 1: Plan for data discovery.
Call 2: Implement data discovery.

Guided Implementation 3: Classify the data

Call 1: Classify the data.
Call 2: Maintain and optimize the program.

Authors

Celine Gravelines

Logan Rohde

Michelle Tran

Chris Chiancone

Contributors

Charles Tatosi Chavapi – Information Security Manager, Debswana Mining Industry
Ken Dewitt – IT Director, Navajo County
Jim Finlayson – IT Director, City of Grand Junction
Lian Guan – Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
Diane Kelly – Information Security Manager, Colorado Judicial ITS
Leon Letto – Senior Technical Sales Engineer, AirWatch
Jim McGann – VP, Marketing and Business Development, Index Engines, Inc.
William Mendez – Information System Security Officer, City of Miami
Ian Parker – Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
Claudiu Popa – President & CEO, Informatica Corporation
Doug Waram – Director of IT, County of Wellington
Chris Whiting – Solutions Architect, APA Group
Three anonymous contributors