Skip to main content

Risk Analysis: Classify Unknown Data Types

  • July 6, 2026
  • 4 replies
  • 45 views

Yassmin Omer
Apprentice
Forum|alt.badge.img+4

Hello,

I have been reviewing the Commvault Risk Analysis and Data Classification capabilities, and I have also performed some lab testing to better understand how the feature works.

Based on the documentation and my testing, I understand that data can be classified using:

  • Predefined Commvault classifiers
  • Microsoft sensitivity labels/classifications
  • Custom classifiers by providing a set of representative sample files (at least 50 files) for the document type

However, I have a question regarding a specific use case.

What if an organization does not know what types of data it currently has and wants to discover and classify unknown data across its environment?

The current classification methods seem to require either predefined categories or prior knowledge of the document types. In this scenario, how can Risk Analysis help identify and classify data that is not already known or defined?

Am I missing a capability within Risk Analysis that addresses data discovery for unknown content.

 

4 replies

Mohammed Ramadan
Vaulter

Hi ​@Yassmin Omer  

Welcome to the Commvault Community!

That's a great question, and it's a common scenario when organizations begin their data discovery and classification journey.

Regarding your question: What if an organization does not know what types of data it currently has and wants to discover and classify unknown data across its environment?

Even if you don't know the types of documents stored in your environment, Commvault Risk Analysis can still help identify sensitive content by scanning data against its extensive library of 160+ built-in entities.

such as: Personally Identifiable Information (PII) Financial information Medical and healthcare information National IDs, passport numbers, credit card numbers Email addresses, phone numbers, and many other predefined sensitive data types ..etc 

This approach does not require prior knowledge of your document types. You simply enable the relevant built-in entities in your Data Classification Plan, and Risk Analysis will identify files containing these types of sensitive information. This is the recommended best practice for organizations that are starting with unclassified or unknown data.

In most customer environments, the built-in entities are sufficient to discover and classify the majority of sensitive or regulated information. Custom classifiers are typically introduced later when an organization needs to identify business-specific document types or proprietary content that is not covered by the predefined entities.

For files that do not match any predefined entity or custom classifier, they are still inventoried by Risk Analysis. You can review these files using their metadata (such as location, owner, file type, size, and age) to prioritize further investigation and determine whether additional custom classifiers should be created.

My recommendation is to start by using the built-in entities to establish a baseline of the organization's sensitive data. Once you understand the data landscape, you can introduce custom classifiers for organization-specific content that requires more granular classification.

I hope this helps clarify the capability. Please let me know if you have any additional questions.

Thanks & Regards,
Ramadan


Yassmin Omer
Apprentice
Forum|alt.badge.img+4
  • Author
  • Apprentice
  • July 6, 2026

Hi ​@Mohammed Ramadan 

Thank you for your detailed explanation.

I understand that the built-in entities can be used to identify sensitive information such as PII, financial data, healthcare data, and other regulated content, and that custom entities can be created for additional sensitive data patterns.

However, my question is more focused on data classification rather than sensitive data discovery.

For example, if I have a large file share and I want to understand the types of documents it contains (such as contracts, invoices, HR documents, technical documents, policies, engineering drawings, etc.), but I do not know these categories in advance, how can Risk Analysis help classify this content?

My understanding is that custom classifiers require representative sample files, which means I already need to know the document type beforehand. Therefore, I am trying to understand whether there is a capability to automatically discover and categorize unknown document types, not just identify sensitive information within them.
Thank You.


Mohammed Ramadan
Vaulter

Hi ​@Yassmin Omer  

Thank you for the clarification.

Based on your question, I understand that you are referring to automatic document type classification where the document categories are not known in advance rather than simply identifying sensitive data. In this scenario, Commvault Risk Analysis does not currently provide a documented capability for AI-based, unsupervised discovery and categorization of unknown document types. Commvault Risk Analysis is primarily designed for data classification, governance, and compliance, rather than AI-driven document type classification. Its purpose is to identify sensitive and regulated information not to automatically discover and create new document categories from previously unknown content.

Thanks & Regards,
Ramadan

 


Yassmin Omer
Apprentice
Forum|alt.badge.img+4
  • Author
  • Apprentice
  • July 6, 2026

Hi ​@Mohammed Ramadan ,

Thank you for the clarification.

Yes, I understand that Commvault does not currently provide this capability and that Risk Analysis is primarily focused on sensitive data discovery, governance, and compliance.

I was asking to confirm my understanding of the current functionality. Personally, I believe that automatic discovery and categorization of unknown document types would be a valuable enhancement and would help provide a more complete data classification solution.

Hopefully, this capability will be considered in future Commvault releases. I would certainly be interested in seeing it added.

 

Thanks,

Yassmin