10 Questions to Ask Before Buying Data Classification – Tim Upton

By Tim Upton, CEO, TITUS 

Navigating the Buyer’s Journey for Data Classification

With more data to manage than at any time in history, data classification helps organizations discover, identify, protect and analyze their critical information.

It creates a safer and more efficient digital environment for company and customer data.

As you begin the buyer’s journey for a data classification solution, here is a list of questions about both the capabilities and back-end logistics to help you find a good fit.


1. Can Users be Required to Classify Email and Documents Based on Policy?

  • Can users be required to classify email and documents based on policy? In addition to automated classification, does the solution offer both optional and forced user-driven classification? It should be possible to prompt the user to classify or confirm an automated classification under certain conditions (such as when attaching documents to email).

2. Is it Possible to Automatically Classify Files the Instant they are Created, Moved, Downloaded or Modified?

  • Is it possible to automatically classify files the instant they are created, moved, downloaded or modified? In addition to enabling users to classify data, the solution should monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to or modified within the folders. This includes the interception of files as they are downloaded from web browsers or email.

3. Is There a Way to Find and Classify Sensitive Data in Network and Cloud Repositories?

  • Is there a way to find and classify sensitive data in network and cloud repositories?Strengthen your data classification solution with data discovery. Choose a solution that combines data discovery with data classification, so you know what data you have, where it resides and who has access.

4. Is Classification and protection Available on Mobile Devices?

  • As more and more business is performed from smart phones and tablets, it is vital that data created, stored and sent from mobile devices is classified and protected as it would be from the desktop.

5. Can I Capture Additional Metadata Information Beyond Two Levels of Classification?

  • Rather than being constrained to only one or two levels of classification, future-proof your classification project with support for unlimited metadata values. This extra metadata can be used to support additional use cases such as retention management.


6. Do you Have an 18-Month Roadmap with Committed Release Dates, Including Maintenance Updates and Feature Updates?

  • A classification vendor should be comfortable sharing their roadmap so that you can provide feedback and plan for future capabilities. They should also have a track record of executing on their promises; ask for a list of previous releases.

7. Is it Possible to Roll Out this Solution Quickly and Successfully to Large Numbers of Users?

Instead of getting bogged down in high-risk, complex projects or one-size-fits all solutions that don’t truly meet your needs, deploy a solution that can demonstrate its success in large, global enterprises.

8. Does your Solution Augment the Value of my Existing Investments?

  • Rather than choosing a solution that locks you into one security ecosystem, look for one that enhances the value of your existing security investments, including DLP and encryption.

9. Are there Deployment Options that Meet my Requirements, Including Support for On-Premises and Hybrid Cloud Environments?

  • Rather than being forced into a vendor’s deployment model, choose the deployment that best fits your requirements now and in the future.

10. Do you Provide Support Resources that are Classification-Focused and Will Ensure Deployment Success?

  • Instead of working with a vendor for whom classification is only one piece of a much larger security bundle, partner with a vendor focused on data classification who can provide expert guidance for your project success.

In today’s digital world, data is an organization’s single most valuable asset.

That’s why cyber criminals are so determined to obtain it and why regulators and auditors pay such close attention to how it is managed.

Data classification is a significant help in both of these areas, but providers differ in what they offer, so don’t make any assumptions. Do your homework to make sure that you are getting the solution your organization needs.


(Courtesy of TITUS and YouTube)

From a technological standpoint, the world is a very different place than it was a decade ago. The only thing that hasn’t changed — the percentage of inadvertent data leaks.

The number of those leaks and the amount of data involved has risen dramatically in the last decade. Since 2005, the Privacy Rights Clearinghouse has published information on data breaches that have exposed more than 540 million records.

So how do you ensure the right people have access to the right information?

By clearly and easily identifying the sensitivity of each piece of information through data classification, TITUS solutions can help control who can access what data.

Tim Upton, founder and CEO, TITUS
Tim Upton, founder and CEO, TITUS

About the author:

Tim Upton is the founder and CEO of TITUS and provides the overall vision for products and services around information protection best practices.

Tim has run successful consulting and integration companies focused on IT Security and Infrastructure and has extensive background as a technology consultant in the security and large infrastructure spaces.