分類組織的資料Classify your organization's data

資料分類可讓您判斷並指派組織資料的價值,並提供共同管理的共同起點。Data classification allows you to determine and assign value to your organization's data and provides a common starting point for governance. 資料分類程式會依敏感性和業務影響來分類資料,以找出風險。The data classification process categorizes data by sensitivity and business impact in order to identify risks. 分類資料時,您可以透過保護敏感或重要資料免于遭竊或遺失的方式進行管理。When data is classified, you can manage it in ways that protect sensitive or important data from theft or loss.

瞭解資料風險,然後管理它們Understand data risks, then manage them

在可以管理任何風險之前,您必須先瞭解。Before any risk can be managed, it must be understood. 對於資料安全性缺口責任,必須先了解資料分類。In the case of data breach liability, that understanding starts with data classification. 資料分類是一種程式,可將中繼資料特性與數位資產中的每個資產產生關聯,以識別與該資產相關聯的資料類型。Data classification is the process of associating a metadata characteristic to every asset in a digital estate, which identifies the type of data associated with that asset.

任何識別為可能適合遷移或部署至雲端的資產都應該有記載的中繼資料,以記錄資料分類、業務重要性和帳單責任。Any asset identified as a potential candidate for migration or deployment to the cloud should have documented metadata to record the data classification, business criticality, and billing responsibility. 這三個分類點對於了解和降低風險很有幫助。These three points of classification can go a long way to understanding and mitigating risks.

Microsoft 使用的分類Classifications Microsoft uses

下列是 Microsoft 使用的分類清單。The following is a list of classifications Microsoft uses. 視您的產業或現有的安全性需求而定,您的組織中可能已經有資料分類標準。Depending on your industry or existing security requirements, data classification standards might already exist within your organization. 如果沒有任何標準,您可能會想要使用此範例分類,以進一步瞭解您自己的數位資產和風險設定檔。If no standard exists, you might want to use this sample classification to better understand your own digital estate and risk profile.

  • 非企業: 您個人生活中不屬於 Microsoft 的資料。Non-business: Data from your personal life that doesn't belong to Microsoft.
  • 公用: 免費提供且已核准可供公開使用的商務資料。Public: Business data that is freely available and approved for public consumption.
  • 一般: 適用于公眾物件的商務資料。General: Business data that isn't meant for a public audience.
  • 機密: 如果 overshared,可能會對 Microsoft 造成損害的商務資料。Confidential: Business data that can cause harm to Microsoft if overshared.
  • 高度機密: 如果 overshared,可能會對 Microsoft 造成大量損害的商務資料。Highly confidential: Business data that would cause extensive harm to Microsoft if overshared.

在 Azure 中標記資料分類Tagging data classification in Azure

資源標記適合用來儲存中繼資料,而且您可以使用這些標記將資料分類資訊套用至已部署的資源。Resource tags are a good approach for metadata storage, and you can use these tags to apply data classification information to deployed resources. 雖然依分類來標記雲端資產不是正式資料分類程式的替代方案,但它提供了一個重要的工具來管理資源及套用原則。Although tagging cloud assets by classification isn't a replacement for a formal data classification process, it provides a valuable tool for managing resources and applying policy. Azure 資訊保護 是一個絕佳的解決方案,可協助您將資料本身分類,不論其 (位於內部部署、Azure 或其他) 的地方。Azure Information Protection is an excellent solution to help you classify data itself, regardless of where it resides (on-premises, in Azure, or somewhere else). 請將它視為整體分類策略的一部分。Consider it as part of an overall classification strategy.

採取動作Take action

使用定義的資料分類來定義和標記資產,以採取動作。Take action by defining and tagging assets with a defined data classification.

後續步驟Next steps

藉由查看保護敏感性資料的相關文章,繼續從本文系列學習。Continue learning from this article series by reviewing the article on securing sensitive data. 如果您正在使用分類為機密或高度機密的資料,下一篇文章會包含適用的見解。The next article contains applicable insights if you are working with data that is classified as confidential or highly confidential.