Greater control over your data thanks to data classification

The amount of data is growing rapidly. As we wrote in our article last week, ‘only’ 64.2 zettabytes of data was created in 2020 and is expected to be a whopping 181 zettabytes by 2025. It is even said that globally there are more bytes than grains of sand. This surge is leading to an ever-increasing need to keep data in control. Considering this is also important for your organisation, as it determines which Cloud is the best fit. How? Read it in this article.

‍
A century ago, oil was the most important resource worldwide. Nowadays, data is seen as the oil of the digital age. Thanks to the huge increase in the amount of data, it is becoming increasingly valuable for organisations. Consider companies like Google and Facebook, which make their money mainly from user data. In 2021, for instance, Facebook earned $15.49 every quarter per European user, while users themselves hardly know what is being done with their data (1). With 408 million European users alone each month, that's quite a revenue model.

Have you ever thought about which is worse for your organisation: not being able to access your IT or not being able to trust your data? And have you ever considered the value of data in your organisation? Suppose that this data is unavailable or hits the streets due to a cyber-attack, what are the consequences of this?

The fact that data is increasingly becoming a revenue model for criminals is also evidenced by the explosion in the amount of cyber attacks. The number of cyber attacks on Dutch municipalities, for example, increased sharply in 2021, and it is striking that cyber criminals do not hesitate to publish privacy-sensitive data of residents, companies and employees online (2). The consequence? Disaster recovery is now increasingly focused on cyber attacks rather than, for example, power outages. An IDC survey of US and Western European organisations found that by 2021, as many as 79% of these organisations will have relied on a Disaster Recovery solution, with 61% of cases involving a ransomware attack or other form of malware (3). This has greatly increased concerns and raised more and more questions around data privacy, such as: where does my data actually reside? And who can actually access it all? Confidence in dealing with data needs to rise. But how? The first step in this is data governance (laws and regulations).

‍

‍

The first big step towards data protection was taken in 2018. In an earlier blog article, we wrote the following about this: the General Data Protection Regulation (GDPR or AVG in the Netherlands), which came into force in 2018 within the European Union, has ensured a much stricter handling of privacy-sensitive and personal data. Individuals are entitled to have privacy-sensitive data protected, but also accessible to them so that they can view it and decide whether data should be modified or deleted. In addition, more and more data sovereignty legislation is emerging: personal data is subject to the laws of the sovereign state in which the data was produced. In other words, if a Dutch citizen from the Netherlands creates data or leaves his data somewhere, it is protected by Dutch (and EU) privacy rules. A central aspect of this legislation is the physical location of the data, in other words data residency: many countries require organisations, which operate in a particular country, to store data regarding residents on servers located within the country's borders.

Governance in data protection is therefore an ongoing process, for instance, the EU Data Act (4) may come into force as of mid-2025 and the advent of NIS2 (5) should increase the data resilience of organisations. By complying with these rules, you can also ensure for yourself that you are keeping your data in control.

How? Through the second step: classifying data. Data classification is nothing but assigning a certain value to data to determine its level of protection. Today, we see organisations classifying data based on, for example, confidentiality and business impact in case of data loss. Thus, there are all different types of data, all of which can land in a different kind of Cloud, each with its own level of protection and certifications. To protect your most critical data, for instance, it is best to opt for a sovereign Cloud. Therefore, data sovereignty actually starts with data classification, in order to provide specific guarantees on things like data identity and protection.

‍

‍

‍

According to the VMware Sovereign Cloud Framework, there are four different types of data: secret, restricted, protected and public data. At Fundaments, we also use this framework when advising on the implementation of Cloud solutions.

Curious about what stage of data sovereignty your organisation is in? Check it out in the image below!

The next step is to determine the right Cloud to suit your data classification. You can read more about this in next week's article.

Sources::
(1) Tweakers
(2) NOS
(3) ICT/Magazine
(4) Central Government
(5) Digital Government

‍

‍