Getting started with business continuity: finding your data crown jewels

Sponsored By: Rogers

One of the problems with today’s data volumes is, well, today’s data volumes. There’s so much of it, it’s virtually impossible to sort out what’s mission-critical, what’s important, and what’s merely there.

The Enterprise Connectivity Series
Future-proofing your business

Why managed Wi-Fi makes sense for business

Reducing the cost and complexity of network security

How upgrading your network can deliver a competitive advantage

Keeping it simple: Tackling infrastructure complexity

Three ways businesses can shed the burden of managing mobile devices and data

Without those distinctions, there are two choices: back up everything, if you can, and hope it can be recovered in a reasonable amount of time if that becomes necessary, or take a stab in the dark and pray that if something goes wrong you can retrieve what you need to keep the business afloat.

Neither is a particularly viable option in case of disaster.

So, how can you make sure that you’re adequately protecting your company’s crown jewels? The first step is figuring out what they are. And that requires data classification.

Data classification is part of the information lifecycle management process. Once implemented, it allows you to determine what data needs protecting, how strong those protections need to be, and how important the data is to your business. For example, intellectual property that differentiates your offerings from everyone else’s is a major competitive advantage. If it’s lost, the business could go under. A memo about vacation days, on the other hand, is something that could be painted on the building’s wall without significant impact, and would not be missed if it were lost in a disk crash.

Common data classification schemes consist of three categories. The first, variously known as Confidential or Restricted, contains data the loss of which would be catastrophic to the organization. Think of items such as personally identifiable information, credit card numbers, medical data, authentication such as user names and passwords or encryption keys, or the aforementioned intellectual property.

The second category (sensitive, internal use only, or private) is of medium sensitivity. It consists of things like most email, and most business data (unless it is confidential).

The third category is Public – anything like a press release, marketing material, and so forth, that has been deliberately released to the public.

There are more complex schemes as well, such as that detailed in FIPS PUB 199, from the U.S. National Institute of Standards and Technology, that interweave data confidentiality, integrity, and availability, if a simple classification isn’t enough.

The next thing you need to know is who owns the data, who else has access to it, and what each user can do with it.

Manual data classification would be time consuming to the point of impossibility for many organizations, so there have been tools developed that handle the bulk of the task. For example, Microsoft has released the Microsoft Data Classification Toolkit, a free download that is designed to help enable an organization to identify, classify, and protect data on its file servers, and HP offers the Atalla Information Protection and Control Suite, which provides automatic classification at the point of creation, once the product has been set up, and ensures that the classification remains attached to the data as it moves.

Data classification can be a lot of work, and is time-consuming to the point where internal staff often just can’t cope. But it’s too important to neglect, so if it’s beyond internal personnel’s capabilities, it’s well worth engaging experts such as the Rogers business continuity specialists to make sure the right data is protected in the right way to keep you in business should disaster strike.


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Sponsored By: Rogers

Lynn Greiner
Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree.