Most companies know where sensitive data is supposed to be. But in complex IT environments, data flows into and resides in unexpected places. Most concerning is when sensitive data finds its way into unsecured files on desktops, laptops, and servers used for other purposes.
Data Discovery and Classification is a first step in incident response readiness planning, in developing compliance strategies for PII, and in electronic discovery (litigation) readiness. It helps your organization become both secure and compliant, and helps you define the requirements for a data leak prevention strategy.
There are numerous tools and services that undertake the daunting exercise of identifying the types and locations of data. The scope is broad: email, structured data repositories, unstructured data repositories, databases, file shares, image files, enterprise software applications, cloud SaaS applications, mobile devices… PCI and HIPAA compliance requirements are quickly moving towards requiring data discovery scanning and reporting, just like vulnerability scanning and penetration testing.
Interestingly, in litigation, e-discovery has proven to be the silver bullet, or silver lining. Today, court-ordered “white hat hacking” or government-sanctioned hacking for e-discovery is more common than assumed. Once data is created, it is hard to destroy unless the physical host is destroyed.
Consider data discovery as another technical assurance policy, before it is done for you by someone you don’t want doing it to you. Orion Security and Compliance Services can provide assistance with incident response planning, compliance strategies, data classification policies, and data leak prevention practices.