Will Windows File Classification Infrastructure (FCI) protect our data and bring about world peace?

This post looks at the pros and cons of using FCI within an enterprise environment.

Let’s face it. Managing data in the enterprise is a messy endeavor. I have yet to see an organization that has a 100% handle on where data should live, how it should be used, protected, consumed, etc. Part of the problem is that there is no centralized or built-in method within most information systems by which to classify data. Instead, most organizations rely on user-based classification of data, which often just results in documents being shoved into a labyrinth of folder shares. Or they hire a third party, or purchase its solution, as a panacea for their quandary.

Luckily, a product group at Microsoft has been paying attention to this ever-present need in the marketplace and decided to include a solution within Windows Server 2008 R2. Called File Classification Infrastructure (FCI), this often overlooked feature in R2 is designed to help organizations manage their data by providing interfaces for file classification, automating file management processes using predefined policies, and exposing a framework that can be used to build end-to-end data management solutions. In short, you can use FCI to do the following:

  1. Define file classification properties.
  2. Define automatic classification policies, rules, and triggers.
  3. Develop custom extensions.

In general, FCI is something that I might consider as a remedy for lack-of-classification syndrome. Combined with its policy framework and the ability to perform automated data management actions, the FCI framework is a plausible solution when another solution isn’t present. Therefore, with FCI, I truly think Microsoft is moving in the right direction. However, outside of providing a basic platform from which to try to cure an organization that lacks good data management practices, I do not think FCI is being all that it can be.

In other words, I have issues with FCI. First off, I think Microsoft missed the mark by dropping this into Windows Server 2008 R2 instead of Forefront. As you know, I’m a big proponent of centralization. Therefore, if FCI were a Forefront feature that plugged into Windows file servers, SharePoint, Exchange, etc., then this would be a very compelling feature that is part of the DLP angle they are now trying to work in conjunction with RSA.

Secondly, I do not like how FCI persistently tags data with the desired classifications. Basically, there are two methods that can be used. The first method is by using an alternate data stream, which is only valid on an NTFS file system. Or, for Office files, you can store the classifications within the metadata of the file. Naturally, this is the better solution. But it would have been nice if Microsoft had gone the extra mile and supported things like fingerprinting, persistent tagging, and marking across all data that moves through a number of various systems (file servers, e-mail, chat, SharePoint, etc.).
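To make the alternate data stream limitation concrete, here is an added example (not code from the original post or from Microsoft) that tags a file through a named NTFS stream and then checks whether the tag survives a content-only transfer of the kind e-mail or an upload performs. The stream name `Demo.Classification`, its value, and the file names are constructed stand-ins, not FCI's actual storage format; it assumes PowerShell 3.0 or later and that `$env:TEMP` is on an NTFS volume.

```powershell
# Added example. The stream name and value are constructed, not FCI's real format.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Create a file and attach a classification tag in a named NTFS stream.
$src = Join-Path $dir 'report.txt'
Set-Content -Path $src -Value 'quarterly numbers'
Set-Content -Path $src -Stream 'Demo.Classification' -Value 'Confidentiality=High'

function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is the unnamed main stream every file has; report only the others.
    Get-Item -LiteralPath $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Named streams on the original file.
Get-NamedStream -Path $src

# Simulate a transfer that carries only the file content (attachment, upload):
# reading the file's bytes returns the main stream and nothing else.
$dst = Join-Path $dir 'report-received.txt'
[IO.File]::WriteAllBytes($dst, [IO.File]::ReadAllBytes($src))

# Named streams on the received copy, then a comparison of the main content.
Get-NamedStream -Path $dst
(Get-Content -LiteralPath $src -Raw) -eq (Get-Content -LiteralPath $dst -Raw)

# Audit sweep: list every file under a folder that carries a named stream,
# i.e. files whose tags depend on staying on NTFS.
Get-ChildItem -LiteralPath $dir -Recurse -File |
    ForEach-Object { Get-NamedStream -Path $_.FullName }
```

The same sweep pointed at a share gives an inventory of files whose stream-based tags would not follow them to a non-NTFS destination.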

So... the final word is… they didn’t go for the gold. :<(


Copyright © 2010 IDG Communications, Inc.
