Why Data Discovery is the First Step to Effective Data-Centric Security

In a world of IT complexity, escalating cyber risk and rigorous compliance requirements, data-centric security is winning favor with a growing number of enterprise CISOs. It’s all about rethinking security to focus on what’s most important to the organization and to those attempting to breach it: the data it holds. A data-centric security approach will apply strong encryption or tokenization to that data. But before that can happen, organizations need to know what data they’re handling and where it is located. That’s not easy in today’s dynamic and distributed IT environments. The bottom line is you can’t protect what you can’t see. This is why data discovery becomes so important to effective cybersecurity.

Complex and interconnected

Modern enterprise networks and data storage environments are complex and interconnected—spanning potentially multiple on-premises and cloud datacenters. That creates a large potential attack surface, which is constantly being probed and breached. The volume of publicly reported data breaches in the US hit an all-time high last year, for example.

This kind of cyber risk is increasingly attracting the attention of the C-Suite: the average cost of a breach today is now $4.4m. The risk of financial and reputational damage is particularly acute given the patchwork of strict regulatory requirements governing data protection, from GDPR and PCI DSS to the CCPA in California.

Against this backdrop, organizations are not only concerned about the complexity of data environments. Their challenges also include:

• A dynamic data environment, which renders reactive manual snapshots and analytics redundant
• Mergers and acquisition activity, which can add to complexity, data volumes and classification headaches
• An explosion in unstructured data which may be captured and recorded informally. All data, including structured, semi-structure or unstructured must be identified, tagged and protected
• Data segmentation between corporate subsidiaries, which might further complicate discovery and classification efforts

Data discovery – what you need

There is therefore a clear need for intelligent, AI-driven tools that can automatically discover and classify data wherever it is in the organization on a continual basis. Organizations need to look for solutions which help them to:

• Discover known and unknown data sources
• Find all types of data, regardless of type, format or location: that means data on-premises and in the cloud, from highly structured databases to free-form documents like PDFs and TXT files
• Understand near real-time sensitive data lineage and the business context of any sensitive data element in the environment
• Gain complete visibility of the usage of every data subject’s information
• Understand when sensitive production data is found outside of production environments
• Automatically generate a full master catalog of sensitive data in near-real time, including to whom it belongs and where it is processed, stored and used
• Implement measurements, monitoring, and enforcement tools to govern the usage of sensitive data
• Understand how records from across disparate sources come together in unique data subject records. These records can be compared with known business usage to confirm known, managed PII

The comforte difference

Comforte’s Discovery and Classification solution uses proprietary passive network packet capture to identify sensitive data flowing through the organization. This visibility means we can identify repositories like databases, applications, file systems, and log files where sensitive data resides. The solution then performs a comprehensive scan of those repositories to get full insight into the depth and breadth of the data environment.

Finally, it analyzes and consolidates the resulting identified data in a structure that allows the user to see data lineage, respond to subject access requests, identify production data in non-production locations, and many other privacy, security and data governance tasks.

With these capabilities, organizations can:

Gain visibility into data threats and risks by automatically discovering how data is stored, processed, and shared in near real-time.

Reduce risk by building relevant protection policies, security controls and ongoing monitoring on top of this visibility.

Comply with privacy regulations by creating a Master Data Catalog inventory which links all the pieces into a comprehensive map of enterprise data. This allows organizations to identify compliance risk and manage data subject access requests in a timely manner.