Hands-on with Windows Server 2008 R2: The Windows File Classification Infrastructure

Missing from Windows until now, file classification lets a business manage data based on its value and sensitivity

The Windows File Classification Infrastructure (FCI) is new to the first release candidate of Windows Server 2008 R2, which was made available last month and is due to be released in October. FCI is a robust identification system that allows you to set up rules that assign values to files based on their location or content. You can then take various actions based on those values, or you can instruct Windows to take those actions automatically.

The scenario

Since this is a brand-new feature in the newest Windows Server release candidate -- unusual if you look at Microsoft's history of locking down features in the final beta -- let's take a look at how it might be useful, how to get started and some of the caveats in this release.

Take your current environment, for example. Perhaps some project groups and departments came to you at one point and said, "We need a file share in which we can store our data." This seemed like a reasonable enough request, so you created a share, assigned the appropriate permissions and moved on.

But then, as time has worn on, you've become aware of the risks of that data being spread outside of the company. So now you need a method to ensure that internal data stays internal and that sensitive information isn't given to competitors, regulators (when inappropriate) and so on.

Next, the payment card industry (for example) has created stringent guidelines on how, when, and where customer payment information can be stored and archived, so you've discovered that you need to encrypt this information within storage. (Substitute health information or whatever is relevant to your industry.)

And finally, your business has grown large enough -- and your IT budget has stayed small enough -- that you've run up against the capacity of your storage solution. So the powers that be have decided that, going forward, all files with little business impact that have remained unchanged in the past year should be expired after 36 months.

Extrapolate this scenario across all of your branch offices, servers, shares, storage area networks (SANs) and so on, and the result isn't pretty. This was Microsoft's reasoning around developing the sleeper feature of Windows Server 2008 R2, called the Windows File Classification Infrastructure (FCI).

In a nutshell, file classification allows the business to manage data based on its value and sensitivity. You can set up rules that apply and enforce classifications to data stored on the network, whether it's by file type, name, location, or other criteria, and then you instruct Windows to automatically apply policy according to those classifications. Think of Group Policy for files.

Where this really gets interesting is when the outside ecosystem begins developing tools to work with the FCI API. Vendors of search, backup, archive and leakage prevention/security software can all plug their solutions into FCI. In this way, they can help administrators create very flexible and granular policy classifications, as well as force FCI into applying those classifications when criteria are met.

1 2 3 4 Page 1
7 Wi-Fi vulnerabilities beyond weak passwords
Shop Tech Products at Amazon