Select Page

What Is Data Classification and How Can It Help Protect Your Data?

Author: Eric Russo | 3 min read | September 26, 2013

With increasingly prominent data breaches worldwide, how can you best protect your organization and its data? Data classification provides that foundation, according to Ericka Chickowski, writing in Dark Reading.

What is data classification? Carnegie Mellon University defines it as:

“The classification of data based on its level of sensitivity and the impact should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data.”

The University, for example, sorts data into three different levels of sensitivity: Restricted Data, which includes any data protected by state or federal privacy regulations or by confidentiality agreements; Private Data, which is not explicitly classified as Restricted or Public data; and Public Data, which is defined as that data that, if disclosed, altered, or destroyed, would pose little to no risk to the organization.

It still needs to be protected from tampering or deleting. This could include information such as press releases.

If indecisive on a classification for data collections, it is prudent to apply the most restrictive classification. Doug Landoll, chief executive officer of Austin-based Assero Security, says:

“In theory you could create a half dozen or more classification levels, but practically speaking most organizations can deal effectively with two levels of security: standard and protected. […] An approach of creating even four or more environments each with a different set of required security controls is an administrative nightmare and does not take advantage of economies of scale.”

Erik Bataller, a senior consultant with information security consultancy Neohapsis, in a series on data classification, contends everyone within the organization needs to be involved in the classification process for it to be effective:

“The business, not IT, owns organizational data, so establish a dialogue with the executives and staff responsible for relevant systems. They need to be the enforcers across their groups.”

In some industries or instances, database administrators may need input from other departments. This may include involvement of the legal, compliance, and human resources departments.

The classification process helps organization value their information by assigning it an importance whether it is inside the database or outside it. All data needs to be properly classified in a manner that accounts for any government or regulatory mandates for management. It is not a one-off project, but one requiring regular oversight on, perhaps, a quarterly basis.

Some data classification initiatives can be extensive. A pharmacy, needing to protect information accessible through its website to meet regulatory requirements, dealt with roughly eight billion records across 180 applications and in its allied databases, including the organization’s test and development databases, explained Venkat Lakshminarasimha, global big data integration specialist with Informatica, in a workshop presentation at FutureGov Singapore Forum 2013.

Additional ideas and information about data classification can be found in “Standards for Security Categorization of Federal Information and Information Systems,” published by the National Institute of Standards and Technology.

Source: “Developing Data Classification For Stronger Database Security,” Dark Reading, 04/17/13
Source: “Data Classification Tips And Technologies,” Network Computing, 03/29/12
Source: “Integrating, Governing and Managing Big Data,” FutureGov, 04/25/13

How to Solve the Oracle Error ORA-12154: TNS:could not resolve the connect identifier specified

The “ORA-12154: TNS Oracle error message is very common for database administrators. Learn how to diagnose & resolve this common issue here today.

Vijay Muthu | February 4, 2021

PostgreSQL vs. Oracle: Let’s Compare

Discover some key differences between PostgreSQL vs Oracle that can help you make an informed decision when deciding on a database management system.

Vijay Muthu | March 30, 2021

Oracle RMAN Backup and Recovery with Restore Points

Oracle restore points are useful for benchmark testing. Find out how you can use Oracle’s Recovery Manager (RMAN) tool to create and use restore points.

Cindy Putnam | May 3, 2019

Subscribe to Our Blog

Never miss a post! Stay up to date with the latest database, application and analytics tips and news. Delivered in a handy bi-weekly update straight to your inbox. You can unsubscribe at any time.

Work with Us

Let’s have a conversation about what you need to succeed and how we can help get you there.


Work for Us

Where do you want to take your career? Explore exciting opportunities to join our team.