How data classification works

Introduction: What is data classification

If you want to protect specific data in your company, you need a way to identify it first. Data classification lets you define what data should be treated as sensitive (for example, personal information, credit card numbers, or data produced by specific applications, etc.). You can then use these classifications in protection policies to detect and secure sensitive files and related activity.

How Safetica classifies data

Safetica can classify files based on one or more of the following approaches:

Sensitive content: Search for sensitive content in files. Each file is analyzed whenever it's altered, so classifications stay current.
Origin and context: Classify data based on where the file came from or how it was created/transferred (for example, if it was transferred at any point from a specific application, file path, or website). Useful in cases, where sensitive materials are non-textual (like technical drawings), and their origin can be a defining factor. Files stored in specific locations, downloaded from certain websites, or exported from designated applications can be classified accordingly .

🍏MacOS devices: Exports from designated apps are currently not supported on macOS. Learn more about feature differences between Windows and macOS here.

3. File type: Limit classification to specific file types. You can refine the approaches above by specifying file types. This reduces noise by limiting classification to formats that are likely to contain the sensitive information you care about.
4. Existing third-party classification: Safetica Client can recognize metadata classifications produced by third-party classification tools and apply corresponding protection policies to those files.

All these approaches can be combined in one data classification.

Examples from common use cases:

HR: Protect CVs of applicants by defining text patterns that determine sensitive files (most common names, typical keywords used in CVs, etc.).
Healthcare: Protect patient personal data using built-in algorithms for many countries’ ID numbers.
Engineering: Protect drawings that are hard to classify by content by classifying files stored in a specific shared location (for example a network share used for drawings).

How protection policies evaluate data classifications

No priority among data classifications: Data classifications are not prioritized, they are ordered alphabetically. Classifications are evaluated and protection is determined by linked protection policies and their priority.
A protection policy can specify the behavior for any number of data classifications. If a policy contains multiple data classifications, the policy applies to ALL of them using OR logic.

In practice: If any of the classifications linked to a policy matches, the policy is applied.

Destination support: Protection policies support the same destinations and situations for all data types, with these exceptions:

A pure file property data classification cannot control:
- Print
- Clipboard (including clipboard in RDP)
- Screen sharing
The Git destination type is limited to data policies that target all data (git cannot be used with a specific data classification).

Protection policies are available for macOS, but there may be differences in behavior between Windows and macOS for some capabilities.

Content analysis settings apply globally across data classifications:
- Which file types are analyzed for sensitive content
- Whether OCR is enabled and for which languages

ZIP archives: Classification survives .zip compression.
- If sensitive files are compressed into a .zip, the .zip file becomes sensitive.
- All policies and classifications applied to the individual files are applied to the .zip file as well

Current scope and future direction

Safetica’s goal is to use all kinds of info we collect during a file’s lifecycle to further improve the robustness of our DLP and risk assessment, including support across varied storage locations (for example cloud storage, network shares, and macOS devices). The end-goal is to collect info and provide protection like this:

Planned focus areas include:

Ensuring classification survives cross-device transfers and transformations regardless of file type.
Collecting and correlating information across devices and cloud services to improve visibility and response to advanced threats.

How to work with data classification

Data classification in action

Want to see Data classification in action? Watch the video below to learn how data classification works in Safetica:

In the Data classification section, you can:

Review existing data classifications:
- See when they were last edited.
- Enable/disable classifications.
- Choose from predefined classifications prepared by Safetica (learn more here).
Data discovery settings: Select on which devices and file paths Data discovery should search for sensitive files. Learn more about setting up Data discovery here.
Content analysis settings (global):
1. Select which file types are analyzed for sensitive content. Learn more here.
2. Configure OCR. Learn more about OCR here.
Create new: Create a new data classification and your own rules from scratch. Learn more here.
Use templates: Start from Safetica’s predefined data classification templates and adjust them as needed. Learn more here.

✍️If you want to learn how to use data classifications in policies, read this article.

FAQ

Q: Can Safetica classify databases?

A: Yes, a database file can be classified.

Q: Can Safetica integrate with existing data classification systems for content fingerprinting?

A: No, Safetica does not support content fingerprinting and does not integrate with content fingerprinting systems.

Q: Can Safetica scan/crawl network shares to classify files stored there?

A: No, that is usually not needed. Files are classified locally when a user downloads them from the network share to work with them.

Q: What file systems are supported for classifying files on network shares?

A: All network shares using the Samba protocol are supported.