FAQs | ClassiDocs
Q: What makes ClassiDocs different?
A: ClassiDocs is the only product on the market with a wide-ranging, feature-rich capability set that includes:
• all-enterprise scale processing for every data point in your IT estate
• continuously validated and maintained data classification policies and rulesets
• classification of data as it is created, used and forwarded – iceberg (long stored) is also classified (and re-classified on demand)
• classification based on corporate policies and end-user feedback
• a user-first, branded experience that requires no specific training
• multi-steward management and real-time oversight
• fast, cost effective deployment with your existing infrastructures (Cloud or Hybrid)
Q: What types of data files does ClassiDocs classify?
A: ClassiDocs inventories and classifies your entire data estate, including structured data; unstructured data; all end points; cloud data drives (any attached/mapped storage); databases; email; blockchain; and data at rest and in flight.
ClassiDocs supports over 200 file types:
ClassiDocs supports over 400 structured databases:
Q: What about “web services”?
A: Data Governance, Classification, and eDiscovery for Privacy Compliance is MUCH more than just scanning your SharePoint and a few files shares. We believe it encompasses the organization’s whole data estate. This also means, especially in some cases, all platforms that are considered to be services but retain a lot of data, most of it sensitive. Consider CRM systems like Salesforce, ticketing systems like ServiceNow, and even cloud-based ERP and accounting platforms; we believe all of these are inclusive of the data estate, and we cover them all. ClassiDocs supports data in flight across multiple platforms: https://www.data443.com/platforms-supported-data-flight/
Q: What platforms and other technology solutions does ClassiDocs support?
A: ClassiDocs integrates natively with DLP, CASB, SIEM, cloud solutions, and most any industry-specific software package that supports a RESTful API. The product supports over 200 file types and 400 databases and can deploy within most any existing platform, including Microsoft Office, Windows XP, Outlook, Autodesk, AutoCAD, and related stack.
Q: Can ClassiDocs classify on the Apple/Mac platform?
A: ClassiDocs network scanners can classify any documents stored on network repositories. A native Linux scanner for “data at rest” is in the lab today. This will be used for Mac OS X and other Linux variants. Today, we fully support Microsoft Office on Mac with our universal classification add-in. This allows for classification actions from all parts of the Office for Mac platform.
Q: Does ClassiDocs offer mobile support?
A: We operate natively with all Microsoft Office applications on all mobile platforms (Apple, Android, Tablets, etc.). In the lab, we are developing an Android-native file scanner that will operate much like our other “data at rest” scanners for endpoints. This technology is currently available for trial upon request.
The Apple platform does not allow or enable local file scanning without significant user interaction; we are working on solutions for this issue.
Q: How does ClassiDocs classify mobile data in flight?
A: For all Microsoft-based office products on Mobile (Android, Apple, etc.) he have a native classification add-on that runs within the Office product itself (Excel on Android, etc.). This add-on will perform the same classification activities as the desktop-based version to cover Outlook, Excel, Word, and PowerPoint, and all versions of Android and Apple.
Q: How does ClassiDocs classify mobile data at rest?
A: We have an Android application in beta right now that will scan the local files ystem on the device and do full ‘data at rest’ classification. Apple has introduced a small API for local file scanning (which requires explicit end-user approval; we are in active development for this today. Microsoft Surface Tablets are considered to be Windows 10 so full support is for all capabilities is included.
Q: How does ClassiDocs classify mobile data in a disconnected state?
A: When machines are offline, e.g., laptops with no network connection, ClassiDocs stores the last known configuration and settings so local classification and activities are still performed while offline.
Q: Does ClassiDocs work with or against Microsoft Azure Information Protection (AIP/MIP)?
A: Many customers receive AIP as part of their existing licensing agreements. We work closely with the technology through the Microsoft Interoperability Program (MIP) to expand its scope and capabilities, including reach across cloud platforms and into the endpoint estate. In short, AIP is a great platform for data protection within a specific platform scope, as outlined below.
1. AIP will only classify data “at rest” if it is stored in Azure.
i. Data on laptop/desktops “at rest” will not be classified thus NOT protected.
ii. Data “at rest” on NAS/SAN will not be classified thus NOT protected.
2. AIP will not register documents for protection if they are created in Office Online (i.e., add-ins don’t yet support AIP).
a. ClassiDocs is the longest standing partner for AIP.
i. We classify ALL data no matter where it is, even on other clouds.
ii. All of this data can be registered with AIP for protection profiles.
3. AIP does not classify any database or cloud web services data (e.g., Salesforce); ClassiDocs supports over 400 database types.
4. AIP does not classify many file types outside of Office-related files; ClassiDocs classifies over 200
5. ClassiDocs shares classification rules and policies with other platforms such as Web Proxies, CASB,
DLP, and Firewalls directly.
Q: How is ClassiDocs managed?
A: ClassiDocs delivers centralized control and analytics via a single management console. All operational considerations are easily managed from the settings page. The reporting and analytics engines deliver full visibility into classification performance and types via the same console. Architecturally it only requires Microsoft IIS server and a SQL server.
Aside from the administrator console, there is a special interface that is designed to be used primarily by the Classification/Governance Administrator. This person (generally not an IT employee), is able to directly manage policy and rule changes to the classifications themselves. This is a unique feature of the ClassiDocs solution and enables the business to manage directly their security rules, increasing ruleset accuracy and reducing reliance on the IT department for daily changes. Additionally, this allows the Governance Administrator to see direct end-user feedback on the classification policies from the end-users themselves – directly “crowd sourcing” classification rules and policies from data users and creators.
Q: What data is stored in the cloud about the data ClassiDocs classifies?
A: The ClassiDocs rapid-deployment option, which deploys via cloud services with data residency handled, stores only the metadata of the document stack. This includes the file name, location, classification, date/time stamps, and file permissions (if available). ClassiDocs does NOT replicate any file contents anywhere within the environment. In the cloud deployment context, each customer instance is a private non-multitenant implementation. We can use your tenancy with a vendor to deliver or ours with your administrative privileges.
Q: Does using ClassiDocs require me to move data across different repositories?
A: No, data is classified and analyzed “where is rests”. Our agents attach to it locally or remotely as needed – but there are no additional storage or storage transfers required.
Q: What regulatory compliance features does ClassiDocs offer?
A: Purpose-built for privacy compliance enablement, ClassiDocs provides accurate, responsive data services for governance, discovery, and compliance. Out of the box, users can: discover PII, PCI, HIPAA, and other confidential information; report on and remediate security access controls; comply with 12 of the most critical GDPR articles; respond to DSARs and remediation actions with built-in analytics; enable customer eDiscovery; and more.
Q: Does ClassiDocs tag documents?
A: Yes, for documents that support metadata attributes such as Office documents, some CAD/CAM, and some image files, ClassiDocs will “stamp” or “tag” the documents with the classification it has computed or a user-entered classification if that option is available. Additionally, ClassiDocs can stamp any custom attributes you require, for example, any that will assist your CASB or signify retention policies, etc.
In the event the file type does not support native metadata tagging, ClassiDocs will stamp the filesystem with the same data so it may be still read/parsed by other platforms as well. In all cases, the information is recorded in the ClassiDocs backend repository and is available for direct query at any time. Additionally, all of this information is available via a RESTFul API call from any other platform that may wish to validate the more recent classification for the file or any/all previous classifications for the same file.
Optionally, we also have a Classification WebService available that will receive ANY streamed text information or supported file type and will classify that on the fly. This is important for platforms that either don’t support a rich RESTFul API call (perhaps an older mainframe or AS/400 application that may need a classification for some text) or a security appliance that focusses on recompiling files and needs them classified on the fly such as a web proxy or CASB solution.
Q: How do you “tag” databases?
A: Rest assured, we don’t modify source databases with any information. ClassiDocs supports over 400 database types (web services, local databases, and other structured data stores) – see the full list here: https://www.data443.com/databases_supported/
ClassiDocs agents will attach to the data repository and discover the database schema, crawl the tables and columns, and take the policies/rules (text patterns, regex) stored in the ClassiDocs backend and compute a classification – right down to the Tuple level. This information is recorded completely (and only) in the ClassiDocs backend repository. This information can then be retrieved or managed as you see fit.
Importantly, this functionality gives you an instance and completely up-to-date classification of your entire database estate – continuously. Every CIO wants a complete inventory of databases – ClassiDocs gives you that PLUS continuously applied classification as the data lives within your organization. So even if a classification changed 30 minutes ago, the new classification is reflected in real-time.
Q: Does ClassiDocs offer mail egress management (mobile and hybrid mail client scenarios)?
A: ClassiDocs has a full Microsoft Outlook add-in that manages all facets of the mail classification experience for end users on a desktop with Outlook installed, Outlook Web Access/Office365 browser-based sessions, and native Outlook clients for Android and iPhone.
In many cases, however, mail clients that are not native Outlook clients use corporate email, for example, Apple iPhone Mail attached to an Exchange domain for a corporate mailbox. There is no capability for a native add-on in that framework in order to manage classification and any mail egress/blocking rules. This is why we have developed a Native Microsoft Exchange mail transport agent (MTA) that utilizes native Microsoft and ClassiDocs APIs to both classify and apply rules based on classifications to ALL mail transacting any on-premise Microsoft Exchange system or Office365 tenant. This MTA will classify all mail passing through the mail system with the same rules that are applied to normal classification interfaces, e.g., the same rules as Microsoft Word, and then block, notify or add headers to the mail message. So, even if you happen to be using iPhone mail to Exchange, or PC-Eudora on Windows 3.1 with IMAP attachments to Office365, ClassiDocs is still able to classify, tag, and action mail – regardless of the mail client in use. This is an exclusive built-in feature of the ClassiDocs product.
Q: How does ClassiDocs classify Email?
A: ClassiDocs incorporates native and supported Outlook add-ins to deliver protection and classification for Outlook mail clients. This operates much like any of our other add-ins, with the same rules and policies applied. The add-in also enables tool tips and the ability to block or just notify on higher-risk email messages such as when sending “confidential” data to an outside mail domain. Likewise, some organizations use other mail clients (e.g., Apple Mail on the iPhone) so blocking on the client level is not always a completely reliable method. See: Does ClassiDocs offer mail egress management (mobile and hybrid mail client scenarios)?
Q: Does ClassiDocs classify PDFs? How?
A: PDF (Portable Document Format) is another file type that we handle, just as we handle a Word document. ClassiDocs has a filter that will open the file in its “native” format, which means we can read it normally like any other document. The same approach is used to read/manage the file’s metadata (if available). This also applies for layered PDFs that are produced from another source such as Word and saved as PDF.
For PDF’s that encase rasterized images such as a fax machine that receives inbound faxes and stores them on a hard drive, ClassiDocs opens the PDF and OCR (Optical Character Recognition) so it can parse the contents, in others words, find all of the letters/characters so the system can read them. We also have options available for native in-line OCR of image files for classification, please contact us to discuss.
Q: Does ClassiDocs classify JPEGs? How?
A: Yes, ClassiDocs classifies these files as described above.
See: Does ClassiDocs classify PDFs? How?
Q: Does ClassiDocs classify scanned documents? How?
A: Yes, ClassiDocs classifies these files as described above.
See: Does ClassiDocs classify PDFs? How?
Q: Does ClassiDocs classify zipped files?
A: Yes, ClassiDocs reads zipped files and classifies all documents within. Even if the zip file contains 15 different file types (Word, Excel, Text, etc.) it will classify them all. The .zip (.rar, .gz files as well) will receive a “rollup” classification to the highest sensitivity level. Additionally, all details of each file itself will have all classifications logged.
Q: Does ClassiDocs classify encrypted files?
A: ClassiDocs does not classify encrypted files, however, it does identify how many encrypted files are within your data estate. Additionally, if there is a web services hook provided with appropriate keys, ClassiDocs may route encountered encrypted file sets for a decrypt and re-encrypt action to a third party vendor. Our native PoSH exits and RESTFul in/out bound calls enable a number of integration capabilities.
Q: What does ransomware have to do with ClassiDocs?
A: Because ClassiDocs’ data estate coverage is so broad – all laptops, desktops, services, NAS, SAN and attached USB Devices – it is able to identify activities other solutions may miss. For example, should the number of encrypted files identified increase quickly within a short time, ClassiDocs will alert you to a possible ransomware attack so you can take action. Notifications may be made via a simple email, a SIEM alert or a RESTful API callout to another platform. ClassiDocs does not stop the attack; however, it can trigger other platforms to action the issue. Additionally, if you have a process/script that you wish to run in the event of a rapid increase of encrypted files (e.g., to shut down the machine or disconnect the host from the network) ClassiDocs is capable of running your script.
Q: Can ClassiDocs manage multitenancy?
A: Due to complexities and sometimes security issues with multitenancy, ClassiDocs is designed to be deployed in a single-customer/single-instance design. There are options to multisource database and web services components to same infrastructure simply. The data sets and web services components are designed to service individual client-bases.
Q: How fast can I have ClassiDocs up and running?
A: ClassiDocs can deploy in minutes – on premise, in the cloud, or hosted – using your existing infrastructure. All communications within the system are over standard https/port443 with no special network ports or other configuration items needed. Designed to be iterative in nature – ClassiDocs is designed to respond to policy and configuration changes in minutes across thousands of endpoints. Additionally, the system is a ‘continuously classified’ design – that is, as new data is added, policy changes, or data moves – it is reclassified with the most up to date ruleset as implemented in the backend – at all times.
Q: How is ClassiDocs licensed?
A: We believe in simplicity of design and operations. We license simply by “enterprise user”, which is the real-person count of users in your active directory, including employees and contractors with data usage. We do not require you to count servers and workstations, we do not charge by data storage, or rules. Simply, who in your organization has and uses enterprise data.