Classification is the process in which data is categorized by the content and the associated risk level based on context. Classification complements identification, and the tags classification applies can give additional information in the audit dashboards for data sources.

How-to guides

• Activate classification frameworks: Use the API to activate a classification framework.

• : Create a classification framework using a provided template.

Reference guide

: This reference guide describes classification frameworks and how classification works in Immuta.

After you have registered data sources in Immuta, you can start automating data classification of a column based on its context, which is the combination of

• associated tags already applied to the column

• tags applied to the neighboring columns and

• table tags on the data source.

The starter framework in this how-to is built to map a classification scale of restricted, confidential, internal, and public to Immuta's three-level scale of sensitivity. The sensitivity in the classification tags will then appear in .

Follow this guide to map your tags to the example framework, or consult the for more information about the framework schema.

Customize the framework

Using the example framework below, customize the framework for your organization's classification tags:

Parameters

For more information about these parameters see the .

1. tags: These tags are automatically created in Immuta with the sensitivity you assign. They must not already exist in Immuta. All tags used in the classificationTag parameter should be defined here.

2. tags.sensitivities: This is metadata for the sensitivity of the new tag. Use confidentiality for dimension. Options for sensitivity are

How to edit rules

Follow the example below to map your tags to the rules in the example framework.

This example framework has a rule where columns tagged DSF.Interpretation.Credentials.Secret by identification will be tagged RAF.Confidentiality.High:

To translate this to your tags, replace the name and source value of the columnTags, neighborColumnTags, or tableTags with your own. This new example is for a Collibra tag from the external catalog that an organization uses for confidential data. This rule now states: Apply the classification tag RAF.Confidentiality.High to a column if it has the collibra tag Confidential. Repeat this for your organization's remaining classification levels.

Find the name and source for your tags

If you do not know the name or source for your tags, you can list your tags using the Immuta API:

This request will list all the tags in your Immuta environment, similar to this example response:

Activate your new framework

Requirement: Immuta permission GOVERNANCE

Once you have made all the customizations to the example framework, make the following request using the Immuta API, with your full customized framework as the payload.

Your new framework will now be visible in the Immuta UI by navigating the Classification section.

Classification is the process in which data is categorized by the content and the associated risk level based on context. To classify your data, Immuta evaluates your data in two phases:

1. Identification runs to identify your data by content type. The data is discovered and evaluated by the identifier it matches and is tagged.

2. Classification runs to classify your data by its context. The data is classified by the rules within a framework and the tags currently applied to the column and table. Once the data is classified, it's tagged with special tags with additional metadata used in the as sensitivity and visualize when that sensitive data is accessed.

Requirements:

• Registered data sources; see the reference page for supported technologies

• Immuta permission GOVERNANCE

Immuta provides identifiers out-of-the-box to recognize and tag data. Users can then utilize classification frameworks and build them to apply tags based off those identifier tags and their own catalog tags.

Tune identifiers first to adjust where the tags are applied. Because classification frameworks can apply classification tags from the identification applied tags, tuning identification should come first and will have trickle-down effects on classification. Customizing identification requires some initial work but will automate data tagging for all data sources in the future.

Follow the steps below to tune identification for your data:

4. : This will remove the tags from any previous identification runs and re-run identification with your new identifiers. From here, either continue to edit identifiers to reconfigure the applied tags, or you're finished if you are happy with the results.

Assess

After identification has applied entity tags, any active classification frameworks will automatically reapply their tags to account for any changes to tags. It may be necessary to adjust the classification tags based on your organization's data, security, and compliance needs.

After identification runs, you will receive a notification that the job is complete. Then, you can view the results from the data source columns.

1. Navigate to the data source overview page of the data source you added to the framework.

2. Click the Columns tab.

3. Assess whether the tags are applied as expected.

4. If you are happy with the tags,

Assess your data source tags

Requirement: Immuta permission GOVERNANCE or data owner

Target some data sources to manually review tags:

1. Navigate to the Data Sources page and click the Columns tab to open the data source columns.

2. You will see the data source columns, with details about the name, data type, and a list of the tags on each column. Assess whether the tags are accurate to your data.

If you find that too many tags are applied

Tags may be unexpected but still accurate to your data. Additionally, they may have been applied because they were found to be the best match from the identifiers in the framework.

If you want to improve identification and personalize it to your data, assess why the tag was applied to your data:

1. Is the identifier incorrectly matching your data and irrelevant to your organization? .

2. Is the identifier incorrectly matching this specific column, but correct in other places? It must have been the most correct match found by identification. Create a better match by completing the following steps:

   1. .

If you want to remove the unexpected tags, use one of the following how-to guides:

1. .

2. Ensure the tags are applied properly by adjusting identification.

3. . Note that classification tags build off of other tags, so removing a single classification or identification tag can have trickle-down effects on the data source.

If you find that tags are missing

If you were expecting some sensitive data to be tagged and it is not, enable additional tags using one of the following how-to guides:

1. .

2. Ensure the tags are applied properly by adjusting identification.

3. . Note that classification tags build off of other tags, so adding a single tag can have trickle-down effects on the data source.

Tune your data source columns

Requirement: Immuta permissions GOVERNANCE and AUDIT

Tags can be edited on an individual basis for each data source. If broad changes to the classification framework are necessary to re-tag your data, use the .

1. Navigate to the Data Sources page and select the data sources that you assessed and noted issues.

2. Click the Columns tab.

3. Delete unnecessary tags by clicking on the tag you want to remove from the column, and select Disable from the tag side sheet.

Requirement: Immuta permission GOVERNANCE

To activate a classification framework,

1. Click Metadata in the navigation menu and select Classifications.

2. Click the more actions icon in the Actions column for the framework you want to activate.

3. Select Activate.

Deactivate a classification framework

1. Click Metadata in the navigation menu and select Classifications.

2. Click the more actions icon in the Actions column for the framework you want to activate.

3. Select Deactivate.

Activate and manage classification frameworks using the API

To activate a framework using the Immuta API, see the .