
Classify your organization's data

Data classification allows you to determine and assign value to your organization's data and provides a common starting point for governance. The data classification process categorizes data by sensitivity and business impact in order to identify risks. When data is classified, you can manage it in ways that protect sensitive or important data from theft or loss.

Understand data risks, then manage them

Before any risk can be managed, it must be understood. In the case of data breach liability, that understanding starts with data classification. Data classification is the process of associating a metadata characteristic to every asset in a digital estate, which identifies the type of data associated with that asset.

Any asset identified as a potential candidate for migration or deployment to the cloud should have documented metadata to record the data classification, business criticality, and billing responsibility. These three points of classification can go a long way to understanding and mitigating risks.

Classifications Microsoft uses

The following is a list of classifications Microsoft uses. Depending on your industry or existing security requirements, data classification standards might already exist within your organization. If no standard exists, you might want to use this sample classification to better understand your own digital estate and risk profile.

  • Non-business: Data from your personal life that doesn't belong to Microsoft.
  • Public: Business data that is freely available and approved for public consumption.
  • General: Business data that isn't meant for a public audience.
  • Confidential: Business data that can cause harm to Microsoft if overshared.
  • Highly confidential: Business data that would cause extensive harm to Microsoft if overshared.

Tagging data classification in Azure

Resource tags are a good approach for metadata storage, and you can use these tags to apply data classification information to deployed resources. Although tagging cloud assets by classification isn't a replacement for a formal data classification process, it provides a valuable tool for managing resources and applying policy. Azure Information Protection is an excellent solution to help you classify data itself, regardless of where it resides (on-premises, in Azure, or somewhere else). Consider it as part of an overall classification strategy.
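The following added example (not from the original article or from Microsoft) audits an inventory shaped like the JSON output of `az resource list` for the three metadata points named earlier. The tag names `DataClassification`, `Criticality` and `BillingOwner` and the sample inventory are assumptions constructed for illustration.

```python
import json

# The five sample classifications listed on this page.
CLASSIFICATIONS = ["Non-business", "Public", "General", "Confidential", "Highly confidential"]
# Hypothetical tag names (assumption): one per metadata point the page names.
REQUIRED_TAGS = ["DataClassification", "Criticality", "BillingOwner"]
SENSITIVE = {"confidential", "highly confidential"}


def audit(resources):
    """Return (findings, sensitive_ids) for a list shaped like `az resource list -o json`."""
    findings, sensitive = [], []
    for res in resources:
        # Untagged resources come back with "tags": null, so guard against None.
        # Azure treats tag names case-insensitively, so normalise the keys.
        tags = {k.lower(): (v or "").strip() for k, v in (res.get("tags") or {}).items()}
        for name in REQUIRED_TAGS:
            if not tags.get(name.lower()):
                findings.append((res["id"], f"missing tag {name}"))
        label = tags.get("dataclassification")
        if label:
            match = [c for c in CLASSIFICATIONS if c.lower() == label.lower()]
            if not match:
                findings.append((res["id"], f"unknown classification {label!r}"))
            elif match[0] != label:
                # Tag values are case-sensitive in Azure, so report spellings
                # that differ from the canonical label.
                findings.append((res["id"], f"non-canonical value {label!r}, expected {match[0]!r}"))
            if label.lower() in SENSITIVE:
                sensitive.append(res["id"])
    return findings, sensitive


# Constructed sample inventory (placeholder ids, not real resources).
SAMPLE = json.loads("""[
 {"id": "example/rg-demo/sa1", "tags": {"DataClassification": "Confidential", "Criticality": "High", "BillingOwner": "finance"}},
 {"id": "example/rg-demo/vm1", "tags": null},
 {"id": "example/rg-demo/db1", "tags": {"dataclassification": "highly confidential", "Criticality": "High", "BillingOwner": "finance"}},
 {"id": "example/rg-demo/web1", "tags": {"DataClassification": "Secret", "Criticality": "Low", "BillingOwner": "web"}}
]""")

if __name__ == "__main__":
    findings, sensitive = audit(SAMPLE)
    for rid, problem in findings:
        print(f"{rid}: {problem}")
    print("review as sensitive:", sensitive)
```

The resources returned in the second list are the ones carrying a Confidential or Highly confidential label and are the candidates for stricter handling.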

Take action

Take action by defining and tagging assets with a defined data classification.

Next steps

Continue learning from this article series by reviewing the article on securing sensitive data. The next article contains applicable insights if you are working with data that is classified as confidential or highly confidential.