1.Categories data based on it's value and drives the controls that are put in place to secure it.
2.Classification should enable information to be protected in laignment with the company's policy.
3.Within the cloud, the CSP should
+Ensure proper security controls are in place so that whenever data is created or modified by anyone,they are forced to classify or update the data as part of the creation/modification process.
+Implement controls(could be administrative,preventive/compensating).
+Protect data according to it's classification at rest and in transmit.
+Should support the reclassification process.