Week 8 - Data Classification

 All forms of data and their security. The question then that is posed is how do we identify what data needs protection, how often does it need protection, and who should see such data? These questions will primarily depend on the client/organization and cloud provider, but some guidelines should be followed to better classify the data being handled.

The main guidelines for data classification are 
  • Sensitivity
  • Compliance
  • Lifecycle
  • Visibility
First of all, we have sensitivity. Sensitivity is dependent upon who should be able to access and view the data. Determining who can manage the data and if the data should be accessible from outside the organization is key. This means that the data should be handled in a way that allows similar data types to be grouped together to make their management easier.

The level of compliance is how should the data be restricted and whether should regulations be applied to the data. One of the considerations is the inclusion of whether or not encryption should be used on the data. Not only if encryption should be used, but the methods of encryption and the protocols of encryption. 

The life cycle of the data is how long the data will be active in the environment. There are times when certain sets of data will not be in the active data lifecycle. In those cases, it is important to think about what should be done with the data. Sometimes it may be appropriate to delete the data. Other times, it may be necessary to archive the data. 

Finally, considering the visibility of the data. In other words, can the data be tracked for the clients or within the organization? Making sure that you track the data by setting up data logs can be beneficial for making sure the data isn't being overmonitored with excessive information or under-monitored with no attention directed towards the data.

These 4 aspects will help in classifying data and figuring out how to set proper solutions for it.

Comments

Popular Posts