Inventory & Classification

Today almost all company-relevant processes are controlled via several business applications that process, collect and store large amounts of data. Further, data analytics and large data storage pools like Big Data spread the data across the organization.



The cloud-based components for storing and processing data have increased the risks among sensitive data at a high level. Companies have to take actions and measures to initiate data protection from unwanted disclosure, damage, or loss even though in cloud servers.

Find the right data security solution for your organization

We offer various options to support you in choosing the right measures for mitigating these risks. We are specialized in INTERNAL THREAT SCENARIOS and can cover different solutions.

“Our Solution Components are PROPORTIONATE, EFFECTIVE and SIMPLE”.

Schedule A Demo

Plan your next steps here

To prioritize the next steps on your side, follow the relevant questions.

What sensitive data do we have? Where is the data located? Can we group & classify them?

Workshops for the identification and grouping of data with special protection needs as part of the Inventory & Classification discipline.

Which internal threat scenarios apply to us? What legal, regulatory, or internal requirements are relevant?

Workshop for the identification of possible threat scenarios & risks as part of the Risk & Governance discipline.

Can we test a specific network security solution to technically validate our objectives?

Carrying out a proof-of-concept of one or more solution modules with "non-productive" customer systems.

Can we validate an IT and security solution tailored to our situation and infrastructure?

This possibility is given with a time-limited pilot integration on "productive" customer systems.


Sensitive Data Identification & Grouping

Data identification and classification is about grouping and structuring highly sensitive business data such as construction plans, recipes, price plans, sales and commission plans, and much more, that is relevant for all measures.

We create a grid with special data protection requirements, classify the data in terms of governance risks, and group the data to control all technical measures on the main groups.


Threat Modeling & Use Cases

Have you already defined various threat scenarios? Or would you like to define scenarios for internal threats? We work out the relevant threats and create a risk map to implement technical measures.


Our assessement workshop

We plan and conduct workshops to develop the basics for technical measures. Our workshops usually last 2 to 3 days on-site at the customer and include the following structure:

  • Introduction to the topic
  • Create a common understanding
  • Development of the main topics (e.g. data identification)
  • Documentation of the results

Send us your request and we will be happy to contact you for further information.


While operating and navigating through the business applications, we access an enormous amount of data. These data are stored, restricted, or open to sharing depending on the nature of the data. If the content is sensitive, it requires special data protection security.

Knowing what data is located where and who is responsible for the data collection is the key for digitalized businesses. Due to the nature of how organizations are generating the business, a huge number of data is collected and processed either as structured data in applications with central data sources like a database or unstructured like in Microsoft Office documents, PDF, and many more.

Create an inventory

During the daily usage of business applications and data processing, organizations produce an enormous amount of data. The data is stored on restricted or open share depending on the nature of the data, whether the content is sensitive and the data collected and processes require special protection.

But how to find sensitive data in our data pools?

Sensitive Data is produced along with all other data in a day-to-day operations scenario. Therefore the organization needs to understand what data is generated along the full data object life cycle. Cloud-based services enable organizations to use IT infrastructures and processes, the data is also widely distributed.

Therefore we need to search our data and identify the data sets that are either legally protected, regulated by an industry regulator, or need higher protection as company secrets. This “research” of sensitive data requires technical instruments to ensure the best coverage of the inventory.

During the inventory, process-specific criteria are applied to identify the sensitive data from various sources such as databases, Sharepoint, Filesharers. The information from this inventory provides an accurate analysis of the amount of the sensitive data, its data source, creator, and its purpose of usage.

Grouping criteria to address different risks

How to apply different risk factors to the sensitive data within the organization? The best way is to logically group data sets with similar risks. All technical measures can be applied to the specific group with different actions against internal threats.

Read More

Apply classification criteria

The classification criteria, usually provided through corporate governance, builds the fundamentals to perform risk assessments such as personal identity information, financial data, marketing data, etc.

Classification labels are applied by instruments that support the user while creating the data and suggesting the corresponding items. With these labels, security protection instruments can monitor the data flows and act accordingly.

Additionally, the organization can decide to apply data protection measures like automated file encryption if the data set contains sensitive data.

Read More

Let’s Collaborate

Visit our products pages to read more about the capabilities and features of our products related to this discipline:

Sign Up for Our Newsletter!