Moderator: Dave Vellante
Analysts: Dave Vellante and David Floyer
The current state of data classification is largely a byproduct of historical, hierarchical storage management (HSM) implementations where data age is the primary classification criterion. Early visions of classifying data based on business value never fully came to fruition because it required a manual, brute force approach and was too hard to automate. Age-based classification enabled automation processes to be more easily applied to data classification initiatives and became the de facto standard.
A new emphasis on compliance, discovery, archiving and provenance substantially challenges existing data classification taxonomies. New business value drivers include 'never delete' retention policies as well as performance, availability and recovery attributes which are the underpinning of resurgent data classification efforts. While generally age-based schema predominate, they must more aggressively incorporate richer classification attributes. However this extension should be accomplished with an eye toward automation where data set meta-data is auto-classified upon creation and/or use of the data set. Future data classification efforts will involve much broader perspectives and serve as the mainspring of multiple enterprise initiatives, including: ILM, tiered storage, email archiving, decision support, data mining, electronic content management and compliance. In short, data classification will serve as the foundation for information value management and while the manual development of business categories is always necessary, without auto-classification there is no chance of success.
Action Item: IT organizations must break with the past and make business process, not age of data sets the defining criterion for classification schema. This approach will not scale without auto-classification capabilities that assign meta-data to data sets at the point of creation or use. Emerging tagging methodologies borrowed from social networking may provide a complementary user-driven approach, but these will not suffice for compliance and legal requirements.