6 September 2021


Acting on Classified Data to Achieve Regulatory Compliance

Data classification is a critical part of any information security and compliance program, especially if your organisation stores copious amounts of data or uses email to communicate internally or externally. It provides a solid base for your data security strategy by helping you understand what and where you store sensitive and regulated data, both on premises and in the cloud.

Data Classification can furthermore improve user productivity and decision-making and can reduce storage and maintenance costs by enabling you to eliminate unneeded data.

In this post, you will learn about what actions can be taken once your data has been classified, what benefits can occur from taking these actions, how to implement them and how to choose the right software.

In Brief What Is Data Classification?

Data classification is the process of organising structured and unstructured data into defined categories that are representative of diverse types of data. Standard examples would be – Public, Confidential, Sensitive and Personal.

I Have Built an Effective Data Classification Policy and Classified My Data, Now Am I Compliant?

Not quite, but you are on the right track- A data classification policy is a document that includes a classification framework, a list of responsibilities for identifying sensitive data, and descriptions of the various data classification levels. It does not perform the actions that make you compliant.
Once data is classified you will have a clear idea of what actions your organisation needs to take to become compliant with legislation such as GDPR (General Data Protection Regulation), CCPA (California Consumer Protection Act), HIPAA and ISO to name a few. You will also be able to understand your data better and remove unwanted data enabling you to reduce data costs. You will also be able to identify data that can and should be archived as it falls within retention requirements but is not used daily, but that also needs to be secured and protected.



What Are the Common Actions Organisations Can Take on Classified Data?
Create Single and Automated Policies to Regain Control

Now that you understand your data, you can control your data. Organisations can take action to remove Redundant, Obsolete & Trivial (ROT) data, create automatic policies to clean your data, and separate your important data for reporting, deleting, archiving, and indexing, giving you back control of your data. All data that is archived is stored in an encrypted format which further protects your critical data.

Conduct A Clean-Up

There was a time that the mindset on storage was “keep it all, we may need it”. But with data piling up and regulation controlling how data should now be managed, that has changed. And the load on your environments (on-premises or Cloud) can be lightened with a bit of attention to what you are maintaining in email and file storage. Performance is noticeably improved, backup times & costs cut substantially. Clients at Waterford Technologies typically reclaim about 20% of their storage space through the initial data clean-up process in just 24 hours.

Removing The ROT

With the removal of obsolete and the archiving of older data, you can reduce the demands on primary and expensive disks. This will also reduce your current Backup time and costs by approx. 70% per month.

Setting up Retention Policies

Waterford Technologies allows organisations to create multiple policies to meet simple and complex retention requirements, with different retention periods such as per department, user, and date ranges. Once you create your policies in line with your privacy statement or guidelines, the rest is automated. It is also a good strategy to review and amend your policies from time to time to ensure compliance and data hygiene.

Immutable File Storage

Once you have identified critical file data that you simply cannot lose you can implement immutable storage via our SISCIN TripleLock. TripleLock storage protects your critical documents and files from Ransomware attack, deletion either accidentally or intentionally, until the assigned retention period that you have defined for those files has expired. TripleLock file storage helps you in meeting regulatory or legal retention requirements for some types of information that requires an additional level of protection.

What Software Should I Use to Action Data After Classification?

Organisations should look at selecting a data management and archiving solution that can support Getvisibility’s ability to classify unstructured data across organisations with unparalleled accuracy of search and performance. Waterford Technologies has partnered with Getvisibility to do just that.
Waterford Technologies provides fully managed data archiving and eDiscovery solutions and services to work in tandem with Getvisibility’s data classification technology. This partnership brings the best in the breed of archiving and classification to identify, classify, tag, secure, encrypt, retrieve, and implement retention with data immutability. It provides peace of mind, reducing costs via removal of ROT and legacy licensing to protect your organisation against data breaches, regulations, and legislation and meeting the demands of SAR’s and eDiscovery.

Email and File Solutions

MailMeter is a cloud or on-premises based email management and compliance platform. MailMeter can take your classified email data and archive it allowing you to easily find every single email in your organization, conduct eDiscovery, freedom of information, and DSAR’s searches directly from your desktop anywhere. The email archiving solution gives you the ability to narrow the scope of your search across email using clearly defined criteria. Here you can apply retention policies, deduplicate data and apply all the actions points mentioned above, giving you better control of your email data.

SISCIN is a cloud solution hosted in Azure that provides File Analysis, Management, and Control. Our online dashboard of single or multi-locations presents full drill-down reporting of your entire file server data. Insight creates knowledge that creates control, with policy-based actions for clean-up, deduplication, content indexing, and secure stub archiving directly to the public cloud.

SISCIN TripleLock archives also allows organisations to quickly implement WORM technology that makes immutable “locked” copies of their data within the cloud, thereby providing comprehensive ransomware protection.

For more information visit www.waterfordtechnologies.com

Speak to one of our experts