NIST Privacy Framework : Our Essential Data Protection Guide

Close

The Analyst View: Key takeaways from Forrester’s Now Tech: Data Discovery and Classification Report

Although data discovery and data classification have formed the bedrock of strong data governance programs for several decades, they are experiencing a resurgence in popularity by organizations of every size and across every sector. The renewed interest is primarily driven by the emergence of stringent compliance regulations, such as the General Data Protection Regulation (GDPR) and California Privacy Rights Act (CPRA), and the rapid growth in data privacy legislation now proposed by more than half of all states.

Another key driver is the growth in data blindness caused by the proliferation of remote workers. The overnight shift to working from home in 2020 exacerbated data sprawl across a much broader threat surface, now comprising unmanaged assets such as homes and private networks, leaving many enterprises in a vulnerable state. A Microsoft survey reported 73% of Chief Information Security Officers indicated that their organization encountered leaks of sensitive data and data spillage within the year.

Data privacy protection tops IT priorities

Shoring up data privacy protection has moved to the top of the IT priority list for a vast majority of organizations. The landscape for data privacy solutions can be overwhelming with hundreds of point solutions available, often found as specific features within broader product categories.

To aid enterprises in their buying decision for data privacy solutions, which we at Spirion believe begins with a robust data discovery and data classification foundation, Forrester published a report segmenting the data discovery and classification market and providing topline recommendations for platforms. But, in the short two years since that report’s release, data discovery and classification capabilities have advanced, and the need for them as processes in broader security and privacy strategies has grown more pressing. In this article, we’ll compare the key takeaways from that informative report with the state of the data discovery and classification market today.

Know where your data lives

Forrester’s report called data discovery and data classification foundational capabilities “to develop to optimize your efforts for security, privacy, and compliance.” They highlight the many benefits for enterprises investing in data discovery and classification technology to:

  • “…Gain greater visibility and understanding of the organization’s sensitive data…” – By introducing automation and consistency, data discovery and classification technologies “…[reduce] reliance on more error-prone approaches like surveying employees or using regulation expressions to find data.”
  • “…Secure sensitive data with appropriate controls and policies. The level of classification will help you determine the types of controls and handling necessary for your data. Classification labels…also help those who use and handle data better comprehend the value of the data that they work with.”
  • “…Support compliance, privacy, and ethical data use. Meeting compliance requirements, third-party partner requirements, and internal privacy and ethical standards for data use require an understanding of what data your organization collects, processes, stores, and shares.”

Data discovery and data classification are also increasingly important to your customers. According to Forrester Analytics, commitment to information confidentiality and data privacy was the number one response from U.S. and Canadian customers when asked, “Which aspects of corporate social responsibility are important to you?”

“But,” the Now Tech report states, “to realize these benefits, you’ll first have to select from a diverse set of vendors that vary by size, functionality, geography, and vertical market focus.” This is precisely the point of this post, so let’s break the market down, according to Forrester.

Start with size and functionality

According to Research and Markets, the data classification market size is projected to grow to $12.4 billion by 2026. This represents a compound annual growth rate of 16.1% between 2020 and 2026 driven by factors such as the COVID-19 pandemic as well as an increasing focus on data security across all verticals.

Forrester segments the data discovery and classification market according to two key parameters: market size based on related product revenue and technology functionality. They classify industry players into three tiers based on revenue as follows:

  • Large established players (more than $50 million in data discovery and classification revenue). This segment includes Google, Microsoft, Varonis, Digital Guardian among others.
  • Midsize players (between $10 million to $50 million in data discovery and classification revenue). This segment includes BigID, Bolden James, and Amazon Web Services, among others.
  • Smaller players (less than $10 million in data discovery and classification revenue). This segment includes up-and-comers such as Concentric AI, ActiveNav, and MinerEye, among others.

From a functionality standpoint, Forrester “…broke the data discovery and classification market into five segments, each with varying capabilities to address specific data challenges,” as follows:

  1. “Data management enables preparing data for use. These offerings typically support efforts like data governance, data quality and accuracy, and data mapping and lineage analysis.”
  2. “Information governance supports data lifecycle management. These offerings help with ROT (redundant, obsolete, trivial) reduction, cloud migration, storage reduction and infrastructure optimization, data lifecycle requirements like retention, deletion, and disposition…These offerings typically focus on unstructured data.”
  3. “Privacy facilitates privacy processes and compliance. These offerings help enable fulfillment of data subject access rights like data access or deletion requests, track cross-border data transfers, and manage privacy processes to support requirements like CCPA and GDPR. These tools often also help you understand the risks to your data and support security use cases.”
  4. “Security aims to understand the data to apply appropriate controls. These offerings enable you to take actions to protect your data and enforce security policies, such as access control and governance, DLP, encryption, rights management and more… These are often established security vendors and tech titans, with some startups in the mix.”
  5. “Specialists have a targeted focus on discovery and classification … These are typically startups with a specific focus or niche in discovery and classification.”

They rated each of the five market segments according to 10 functional requirements, ranging from data type coverage breadth and data tagging/labeling breadth to data identification techniques and data tagging/labeling techniques.

The privacy market segment rated high in data type coverage breadth, data discovery scope, and data identification scope. However, privacy solutions rated low in data tagging/labeling breadth and data tagging/labeling techniques. Interestingly, so were four out of five functional market segments.

Forrester then summarized each of the 33 vendors included in the report, their primary functionality segment, geographic breakdown by percentage of revenue, vertical market focus by revenue, and representative customers. Among the vendors classified in the privacy market segment were Spirion, Dataguise, and Securiti.ai

Key takeaways

The report closes with several takeaways. Among them are recommendations to:

  • “Improve data protection with data discovery and classification…a foundational capability to develop to optimize your efforts for security, privacy, and compliance. You can’t protect what you don’t know you have.”
  • “Select vendors based on size and functionality. Functionality is key for aligning with use cases and outcomes you’re looking for from data discovery and classification.”
    • Organizations need to consider the scalability of their security tools, as well. As organizations grow, the volume of data processed will grow as well. Solutions like the Spirion Sensitive Data Manager handle this by automating data classification processes throughout the data lifecycle.
  • “Expect to rely on multiple tools to address all your needs.” The report notes that data discovery and classification “is often a feature, likely in tools you already have…When these capabilities are a feature, they typically support a specific scope or provide siloed coverage.”
    • When relying on multiple tools for your data discovery and classification needs, it’s imperative that inefficiencies are avoided. Integrated solutions ensure seamless protection throughout your security stack while enhancing existing product capabilities.

They also offer the following guidelines when considering data discovery and classification solutions:

  • “Evaluate what you already have in your environment to determine if current capabilities suit your requirements”
  • “Clarify your desired use case and outcomes to identify the best tool for the job”
  • “Ask where, what, and how to fully understand what a tool offers.”

The value of proper data classification

While many companies recognize the value of data discovery, the collection of data alone holds no value. To create effective solutions, proper data classification is necessary. Data classification allows creates better organizational processes by:

  • Protecting sensitive business and customer data
  • Allowing better compliance with ever-changing regulatory requirements
  • Increasing efficiencies while lowering risks

Platforms like the Spirion Governance Suite combine both data discovery and classification (as well as remediation) to create a comprehensive solution customized to organizational needs. This proactive approach allows for complete protection of sensitive data.

Closing thoughts

When it comes to comparing data protection solutions, these four considerations can help you evaluate your available options:

  1. What data are you protecting? Is it all personal data, or specific to your industry, such as health or financial information?
  2. What do you want the solution to do? Do you want fully automated processes, for example, or do you want to allow users to contribute to some parts and automate others?
  3. Know your existing infrastructure. The data protection solution should interact seamlessly with your existing architecture to avoid potential vulnerabilities due to incompatibility.
  4. Think about the future. Short-term and long-term goals are essential when choosing a data protection solution. The solution should meet current data privacy, compliance, and confidentiality requirements while remaining agile enough to respond to ever-changing laws and regulations.

How Spirion addresses your organizational needs

As a market leader in the data security and privacy space, Spirion understands what it takes to ensure the data discovery and classification needs of your organization are met. With a proven 98.5% accuracy rate and more than 1.9 million petabytes of information under protection, Spirion can help you gain clarity and control of your data as well as the confidence that your data is protected.

See how we address the four considerations for data protection solutions listed above when you request a demo.

See the full report

Read a complimentary copy of “Now Tech: Data Discovery And Classification, Q4 2020—Forrester’s Overview of 33 Data Discovery and Classification Providers”.

Read the report