Building a Classification System From Zero, Inside a Live Enterprise Product

ALTR is a cloud-native data security platform used by enterprise teams at organizations like Ally Bank. When I joined, classification — identifying what sensitive data exists before protecting it — was effectively missing from the product. The existing scan was shallow, one-time, and surfaced results outside ALTR's governance workflows. Security teams were patching the gap with third-party tools like BigID.

I designed and shipped a fully native classification system: a dedicated product section with its own navigation and reports surface, a reusable collections model for grouping classifiers into policies, configurable accuracy and sampling controls, and an in-platform results view with direct tagging into masking workflows. I coordinated design across 8 engineers on frontend, backend, and API. V1 shipped to production. V2, extending support to OLTP sources including SQL Server, Oracle, and MySQL, is deployed and awaiting full release.

Two decisions shaped the outcome most. Before any screens, I made the case to the PM and engineering lead to give classification its own dedicated section in the product rather than keep it buried in the data source connection flow. This made results revisitable, enabled scheduled runs, and made V2's OLTP expansion architecturally feasible. The second was the collections model: security teams think in policies, not individual classifiers. Collections gave that mental model a concrete shape in the product.