New research warns poor labelling leaves critical assets exposed and budgets stretched
New roadmap calls for end-user training and governance to sustain classification programs
Sensitive information can slip through gaps in protection when organizations misclassify their data, reported Info-Tech Research Group in newly published research.
The firm said that without proper classification, organizations could overprotect low-value information or underprotect critical assets, particularly as data volumes increase and regulatory demands grow stricter.
According to Info-Tech’s recently published blueprint Discover and Classify Your Data, many classification initiatives falter due to execution and sustainability challenges rather than issues with technology or tools.
The research noted that organizations often underestimate the importance of end-user training, struggle with inconsistent handling procedures, or approach classification as a one-off project rather than a long-term program.
Without clear governance and visibility, the firm cautioned that protection levels can drift and resources may become misallocated.
Safayat Moahamad, a research director at Info-Tech Research Group, said, “Effective discovery depends on knowing the data sources and how they integrate with business workflows.”
He added that IT leaders should work with business-end data owners to set priorities, embed data classification into routine processes, and provide support on the technical side of the program.
The research findings emphasised that engaging data owners and embedding classification into daily workflows are essential for lasting success.
Info-Tech outlined key challenges that continue to stall progress despite investments in governance: overwhelming data volumes, inconsistent procedures, limited budgets, and persistent end-user behaviour gaps.
To address these issues, the firm’s blueprint sets out a three-phase roadmap:
-
Phase 1 – Formalize the Program: CIOs and governance teams establish a steering committee, define policies and standards, and assign roles and responsibilities.
-
Phase 2 – Discover the Data: IT teams and business data owners collaborate to identify where critical information is stored through technology-based tools and structured interviews.
-
Phase 3 – Classify, Maintain, and Optimize: IT leaders oversee classification, end users apply labels in daily workflows, and governance teams track metrics, provide training, and reassess regularly to ensure ongoing efficiency.
Info-Tech added that the blueprint includes tools such as a Data Classification Inventory, a Metrics Tracking framework, and awareness materials to integrate classification into organizational workflows.
The firm said that following this incremental approach can help establish sustainable programs that protect sensitive data, improve compliance, reduce storage costs, and ensure accountability.
