Classification

Classification Overview

For this overview, when we refer to the corporate database, we are referring to the collection of all of the individual databases owned by the corporation (the customer).

As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may be present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers and acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement projects between disparate systems can easily leave sensitive data unknown and unprotected.

Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.

Classification Terminology

A classification policy is a set of rules designed to discover and tag sensitive data elements (database tables or files). You can define a set of actions to be taken for each rule. An action might be to generate an email alert, or to add a member to a (Guardium) group. Each time a rule is satisfied, that event is logged, and thus can be reported upon (unless ignore is specified as the action to be taken, in which case there is no logging for that rule).

A datasource identifies a specific database instance, and its definition on the Guardium appliance can optionally store account information and any other parameters required to access the database. Datasource definitions can be shared, and can be used by other applications in addition to classification. For detailed information about datasources, see Datasources.

A classification process defines a job consisting of a classification policy and one or more datasources. The process can be submitted to be run once, or it can be scheduled to run on a periodic basis, as a task in a compliance workflow automation process.

See the following topics to define and use classification policies and processes: