The Analyst View: Key takeaways from Forrester’s Now Tech: Data Discovery and Classification Report

Although data discovery and classification have formed the bedrock of strong data governance programs for several decades, they are experiencing a resurgence in popularity by organizations of every size and across every sector. The renewed interest is primarily driven by the emergence of stringent compliance regulations, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), and the rapid growth in data privacy legislation now proposed by more than half of all states.

Another key driver is the growth in data blindness caused by the influx of remote workers in response to the pandemic. The overnight shift to #WFH has exacerbated data sprawl across a much broader threat surface, now comprising unmanaged assets such as homes and private networks, leaving many enterprises in a vulnerable state. In a recent survey conducted by Microsoft, “73% of CISOs indicated that their organization encountered leaks of sensitive data and data spillage in the last 12 months.”

Data privacy protection tops IT priorities

It should come as no surprise then that shoring up data privacy protection has moved to the top of the IT priority list for a vast majority of organizations. With hundreds of point solutions available, often found as a specific feature within broader product categories, the landscape for data privacy solutions can be overwhelming. To aid enterprises in their buying decision for data privacy solutions—which, we at Spirion, believe begins with robust data discovery and classification foundation—Forrester recently released a Now Tech: Data Discovery and Classification, Q4 2020 report, subtitled, “Forrester’s Overview of 33 Data Discovery and Classification Providers” (Heidi Shey, October 2020).
The instructive report segments the data discovery and classification market and provides topline recommendations so that “security and risk professionals [can] use this report to understand the value they can expect from a data discovery and classification provider and to select one based on size and functionality.” In today’s post, we’ll discuss what we consider to be the key takeaways from the informative report.
Forrester names Spirion in NowTech Report

Know where your data lives

Spirion recently had the pleasure of hosting a webinar (What to Prioritize During Uncertain Times) and Q&A session featuring guest speaker and Forrester analyst, Heidi Shey, who also led their Now Tech: Data Discovery and Classification, Q4 2020 research. Heidi is a Principal Analyst serving Security & Risk Professionals. Her research primarily focuses on data security and privacy strategy, skills development, policies, and related technology controls.
Forrester’s new report calls data discovery and classification a “foundational capability to develop to optimize your efforts for security, privacy, and compliance.” They highlight the many benefits for enterprises investing in data discovery and classification technology to:

  • “…Gain greater visibility and understanding of the organization’s sensitive data…” – By introducing automation and consistency, data discovery and classification technologies “…[reduce] reliance on more error-prone approaches like surveying employees or using regulation expressions to find data.”
  • “…Secure sensitive data with appropriate controls and policies. The level of classification will help you determine the types of controls and handling necessary for your data. Classification labels…also help those who use and handle data better comprehend the value of the data that they work with.”
  • “…Support compliance, privacy, and ethical data use. Meeting compliance requirements, third-party partner requirements, and internal privacy and ethical standards for data use require an understanding of what data your organization collects, processes, stores, and shares.”

It’s also increasingly important to your customers. According to Forrester Analytics, when asked, “Which aspects of corporate social responsibility are important to you?” the number one response option in the US and Canada was the commitment to information confidentiality and data privacy.
“But,” the Now Tech report states, “to realize these benefits, you’ll first have to select from a diverse set of vendors that vary by size, functionality, geography, and vertical market focus.” This is precisely the point of this post, so let’s break the market down, according to Forrester.

Start with size and functionality

Forrester segments the data discovery and classification market according to two key parameters: market presence based on related product revenue and technology functionality. They classify industry players into three tiers based on revenue as follows:

  • Large established players (more than $50 million in data discovery and classification revenue). This segment includes Google, Microsoft, Varonis, Digital Guardian among others.
  • Midsize players (between $10 million to $50 million in data discovery and classification revenue). This segment includes yours truly in addition to BigID, Bolden James, and Amazon Web Services, among others.
  • Smaller players (less than $10 million in data discovery and classification revenue). This segment includes up-and-comers such as Concentric AI, ActiveNav, and MinerEye, among others.

From a functionality standpoint, Forrester “…broke the data discovery and classification market into five segments, each with varying capabilities to address specific data challenges,” as follows:

  1. “Data management enables preparing data for use. These offerings typically support efforts like data governance, data quality and accuracy, and data mapping and lineage analysis.”
  2. “Information governance supports data lifecycle management. These offerings help with ROT (redundant, obsolete, trivial) reduction, cloud migration, storage reduction and infrastructure optimization, data lifecycle requirements like retention, deletion, and disposition…These offerings typically focus on unstructured data.”
  3. “Privacy facilitates privacy processes and compliance. These offerings help enable fulfillment of data subject access rights like data access or deletion requests, track cross-border data transfers, and manage privacy processes to support requirements like CCPA and GDPR. These tools often also help you understand the risks to your data and support security use cases.”
  4. “Security aims to understand the data to apply appropriate controls. These offerings enable you to take actions to protect your data and enforce security policies, such as access control and governance, DLP, encryption, rights management and more… These are often established security vendors and tech titans, with some startups in the mix.”
  5. “Specialists have a targeted focus on discovery and classification … These are typically startups with a specific focus or niche in discovery and classification.”

They rate each of the five market segments according to ten functional requirements, ranging from data type coverage breadth and data tagging/labeling breadth to data identification techniques and data tagging/labeling techniques.

The privacy market segment rated high in data type coverage breadth, data discovery scope, and data identification scope. However, privacy solutions rated low in data tagging/labeling breadth and data tagging/labeling techniques. Interestingly, so were four out of five functional market segments.
Forrester then summarizes each of the 33 vendors included in the report, their primary functionality segment, geographic breakdown by percentage of revenue, vertical market focus by revenue, and representative customers. Among the vendors classified in the privacy market segment were Spirion, Dataguise, and Securiti.ai.

Key takeaways

The report closes with a few key takeaways. Among them are the recommendations to:

  • “Improve data protection with data discovery and classification…a foundational capability to develop to optimize your efforts for security, privacy, and compliance. You can’t protect what you don’t know you have.”
  • “Select vendors based on size and functionality. Functionality is key for aligning with use cases and outcomes you’re looking for from data discovery and classification.”
  • “Expect to rely on multiple tools to address all your needs.” The report notes that data discovery and classification “is often a feature, likely in tools you already have…When these capabilities are a feature, they typically support a specific scope or provide siloed coverage.”

They also offer the following guidelines when considering data discovery and classification solutions:

  • “Evaluate what you already have in your environment to determine if current capabilities suit your requirements”
  • “Clarify your desired use case and outcomes to identify the best tool for the job”
  • “Ask where, what, and how to fully understand what a tool offers.”

Closing thoughts

In a recent post, Spirion also shared recommendations on how to compare data protection solutions and highlighted four considerations when evaluating available options:

  1. What data are you protecting? Is it all data or personal data? Are you worried about data privacy, data confidentiality, eDiscovery, or data lifecycle management?
  2. What do you want the solution to do? When comparing solutions, make sure the solutions meet your specific requirements.
  3. Know your existing infrastructure. The data protection solution should interact seamlessly with your existing architecture to avoid potential vulnerabilities due to incompatibility.
  4. Think about the future. Short-term and long-term goals are essential when choosing a data protection solution. The solution should meet current data privacy, compliance, and confidentiality requirements and expand to respond to ever-changing laws and regulations.

See the full report

Read a complimentary copy of “Now Tech: Data Discovery And Classification, Q4 2020—Forrester’s Overview of 33 Data Discovery and Classification Providers”.

Read the report