Data discovery and classification is imperative for recovery

August 14, 2020

In her “Top Breaches of 2019”, a security journalist asked if last year would “…be the worst on record?” It looks like 2020 could surpass last year’s breaches, but it’s not entirely due to consequences of the global pandemic. For sure, unprecedented levels of remote working has emboldened hackers to exploit new vulnerabilities, but there’s one very insidious risk that shows up year after year: the silent and unwitting exposure of sensitive data that no one notices… until it’s too late.

Of the top data breaches, most involved server and database exposure, unfortunately too often uncovered by hackers who immediately placed sensitive data for sale on the dark web. It’s a lucrative market that thrives because hackers know that many organizations – especially those that operate in multicloud environments – still don’t know where all their sensitive data resides.

A clear view of data must come first in today’s hyper-remote world

While data breaches may be inevitable, data leaks are avoidable, and steps can be taken to prepare and strengthen an organizations’ security efforts. To “know your data,” means to have a good understanding of where sensitive data is located through data discovery and classification. Without this important foundation, organizations cannot know what to protect, where it is, who can access it, when it was created and so on.

The good news is that the data discovery process has significantly improved over time resulting in greater effectiveness and efficiency. This clarity creates the ability to close security gaps and protect sensitive data entrusted to organizations. And today, with 74 percent of companies planning to permanently shift to more remote work according to a recent Gartner CFO Survey, being able to discover, classify, and protect data will help prevent the kind of costly disruptions that overwhelmed businesses at the onset of the pandemic.

Classification leads to informed security decisions

When data is discovered, it can then be classified (identified and grouped), based on specific patterns and algorithms. This provides IT professionals with the ability to make more informed decisions about security, data sharing, data access, digital transformation, cloud migration and remediation prioritization. Data shouldn’t be treated as though it all has the same level of risk, and data should be classified according to its sensitivity level—high, medium, or low.

Risk analysis builds a strong security foundation and strengthens compliance

When data discovery and classification are followed by risk analysis, the most comprehensive and holistic security foundation is built on reality. Risk analysis helps IT teams understand the sensitivity of data and then rank its level of risk. These capabilities also help organizations enforce data sovereignty and meet data privacy and security regulations like the GDPR, the California Consumer Privacy Act, PCI DSS and HIPAA.

Data discovery is essential for risk identification, minimization, and mitigation, enabling you to do things like:

Build a comprehensive, up-to-date data inventory.
Analyze and classify data according to risk category to prevent security breaches.
Utilize efficient scans to discover structured and unstructured data across an enterprise.
Prioritize remediation using data encryption and tokenization products.
Leverage discovery and classification tools that help compliance teams demonstrate fulfillment to auditors and regulators.
Adhere to data security and privacy policies and regulations that if broken come with costly penalties.

Across organizations, data discovery can reduce vulnerability for data breaches and theft, expensive non-compliance fines, and other unnecessary expense and risk.

Nisha Amthul is a Senior Product Marketing Manager for Data Security Products at Thales. She holds an MS in electrical and electronics engineering from Imperial College London.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Persistent data exposure is a much riskier problem in today’s remote world

Data discovery and classification is imperative for recovery

A clear view of data must come first in today’s hyper-remote world

Classification leads to informed security decisions

Risk analysis builds a strong security foundation and strengthens compliance

Related Articles

Report Abusive Comment