December 11, 2019
Leveraging Data Discovery to Find Sensitive Data

Have you considered where your company’s sensitive data resides or who has access to it? We often think of healthcare providers when we talk about sensitive data, but what if I told you every type of company holds sensitive data? Sensitive data can generally be described as “data that must be protected to safeguard a company or individual from unauthorized access.” As your company grows, so does your data volume, and with it the potential for important data to find itself in the wrong hands.

We have often seen the harsh penalties and impact on corporations that fail to comply with strict data regulations such as GDPR and HIPAA. As Gartner Research Director Bart Williamson stated, “The GDPR will affect not only EU-based organizations but many data controllers and processors outside the EU as well. Threats of hefty fines, as well as the increasingly empowered position of individual data subjects, tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.” You may ask yourself, “What can we do to protect our corporation and investments?” An integral part of the answer is Data Discovery.

Leveraging Data Discovery

Data Discovery allows you to investigate your environment based on patterns you see fit for your corporation. Discovery identifies, monitors, and helps protect data in use, data in motion on your network, and data at rest. Companies like PKWARE and Varonis specialize in this capability. You may find yourself asking questions like, “What if we have transitioned to the cloud?” Companies are constantly evolving to stay current with new products, and the Data Discovery providers have done just that. Discovery allows you to scan on-prem and cloud data seamlessly. Figure 1.0 shows one example of how we can use patterns to search for HIPAA data through PKWARE.

When scanning for data, how you go about it is ultimately your choice. You could set the scan up to target specific users or groups, or to scan servers or domains. By integrating with your Active Directory, you can use Data Discovery to search different departments or users for information, or to see who has access to this data. If you want to reduce the amount of data returned or the number of false positives, you can set parameters such as thresholds, exclusions and others. If you are more concerned about finding where specific file types reside, these vendors can provide you with solutions for that as well. Ultimately, if there is sensitive data in your environment, it can be found. These scans can be set to run at specific times or days to provide you with the most up-to-date results without interfering with production. These are just a few examples of how you can harness the power of Data Discovery to find where your sensitive data resides while creating minimal impact.
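The following is an added illustration, not code from the original post or from any vendor's product, of how patterns, exclusions and a threshold interact in a discovery scan. The two patterns, the function names and the sample files are constructed assumptions.

```python
import re
from fnmatch import fnmatchcase

# Constructed patterns for illustration; not a vendor's rule set.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}

def luhn_ok(number):
    """Luhn checksum; rejects 16-digit runs that are not card numbers."""
    total = 0
    digits = [int(c) for c in number if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_hits(text):
    """Return {pattern_name: match_count} for one document."""
    hits = {}
    for name, rx in PATTERNS.items():
        found = rx.findall(text)
        if name == "card":      # validate to cut false positives
            found = [m for m in found if luhn_ok(m)]
        if found:
            hits[name] = len(found)
    return hits

def discover(files, exclude=(), threshold=1):
    """files maps path -> text. Skip excluded paths, then report files
    whose total hit count reaches the threshold."""
    report = {}
    for path, text in files.items():
        if any(fnmatchcase(path, pat) for pat in exclude):
            continue
        hits = count_hits(text)
        if sum(hits.values()) >= threshold:
            report[path] = hits
    return report

# Constructed sample data (no real identifiers).
SAMPLE_FILES = {
    "hr/benefits.csv": "name,ssn\nA. Doe,123-45-6789\nB. Roe,234-56-7890\n",
    "finance/orders.log": "card 4111 1111 1111 1111 ok\nref 1234 5678 9012 3456\n",
    "docs/templates/form.txt": "SSN format example: 123-45-6789\n",
}

if __name__ == "__main__":
    print(discover(SAMPLE_FILES, exclude=["docs/templates/*"]))
    print(discover(SAMPLE_FILES, threshold=2))
```

With the sample data, a threshold of 2 removes the template false positive but also drops the log that holds a single valid card number, while the path exclusion removes only the template. Thresholds trade missed findings for less noise, so known-benign locations are better handled with exclusions.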

What is next?

After running Data Discovery and eliminating false positives using exclusions, thresholds and other means, you must decide what is next. With a thorough understanding of your data, your company can implement policies and make risk-prioritized decisions. You can harness Active Directory to fine-tune security groups so that only the correct users have access to this data. You could set up alerts on certain data to provide security against individuals attempting to exfiltrate or access it. Encrypting this data is another option for securing it. These are just some of the solutions available to you when you choose to implement Data Discovery. Data Discovery is just a small step into data loss prevention (DLP), which can be used to prevent this data from ever leaving your network. We find ourselves in the situation of, “This sounds good, but what now?” The answer to that question is simple. Just start the conversation and ask questions!
