This is great information, and it addresses one of the biggest--if not THE biggest--challenges of data protection. Organizations can't efficiently or effectively protect data until or unless they can accurately and consistently classify it. Without a framework like this article describes, organizations generally end up protecting everything or nothing.
The problem depends on how big of an 'S' you are talking about for an SMB. Smaller organizations simply don't have the IT skills or resources to understand a framework like this--never mind managing it day-to-day.
As this paper describes (
http://www.pcworld.com/article/247787/the_noit_guide_to_business_security.html), I think that smaller SMBs should should seriously consider cloud-based solutions because the cloud service generally provides some of those IT skills and resources so you are free to use the tools without having to become an expert or also maintain the infrastructure.
