Why Automated Sensitive Data Catalog
A common misconception is that IT teams can manually compile a list of sensitive data
Data is increasingly recognized as a highly valuable enterprise asset today. The advent of Big Data has opened up several opportunities and is being utilized in every way conceivable. This has, however, given an opportunity for cybercriminals to access mass quantities of sensitive information through the use of advanced technologies.
A meteoric rise of high profile data breaches have occurred over the past few years. No one appears to be immune — not Yahoo, not Equifax, not FaceBook, have occurred over the past few years. No one appears to be immune — not Yahoo, not Equifax, not FaceBook, not even the mighty NSA. The following summary highlights a few pertinent data trends:
Rise of unstructured data:
80% of enterprise data today is unstructured. - (Gartner)
Unstructured data is growing at an alarming rate of 70 percent per year - (Symantec)
Unstructured data is vulnerable:
Many consumer-facing companies ask their customers for scanned copies of driver’s license or credit card, but have inadequate security controls to protect them. The FedEx data breach exposed 100,000 scanned documents including passports, drivers licenses, and security IDs on an unsecured Amazon S3 server.
Rapid adoption of cloud:
Over 90% of enterprises report using the cloud as part of their business - (The Economist).
83% of enterprise workloads will be in the cloud by 2020 - (Forbes).
Sadly, many current generation data security tools have not kept pace with the rise in unstructured data, increased vulnerabilities and cloud adoption. Many data security tools still cater to traditional relational databases and lack support for discovering sensitive data in images, unstructured text data, NoSQL databases, and cloud object stores. Moreover, they are not capable of processing high-volumes of data to protect Hadoop data lakes.
On top of the challenge of securing unstructured data in a cloud-first world, security professionals need to comply with stringent regulations across a number of industries. Financial institutions must adhere to the Gramm-Leach-Bliley Act (GLBA) and New York State Department of Financial Services (NY DFS), among other regulations.
While the health industry has to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Payment providers and financial institutions must ensure compliance with regulations such as the Payment Card Industry’s Data Security Standard (PCI DSS), and so on. And any company with EU customers must comply with the EU General Data Protection Regulation (GDPR) that came into effect in 2018.
Given the flurry of data breaches companies are reporting and the recent fiasco between Facebook and Cambridge Analytica, it is just a matter of time before regulations like GDPR are adopted by the rest of the world.
How can companies ensure their sensitive data stays secure considering current and ongoing transformations, while also operating within the realm of regulatory compliance? The answer lies in following a data-centric approach to make certain that security travels with the data itself, not only to protect it from cyber criminals but also to manage potential privacy policies violations.
With the increasing adoption of mobile and cloud platforms, data security experienced a profound paradigm shift from traditional perimeter security tools towards detecting, monitoring anomalies within organizational networks. New techniques are emerging to help these companies better analyze security data and improve defenses.
Kogni is a leading enterprise data protection software that was publicly launched in early 2018. Kogni's enterprise data security platform leverages machine learning techniques with tools that enable companies to discover and secure sensitive data, with continuous monitoring for new sensitive data. And finally, Kogni provides ease of compliance with regulatory frameworks such as CCPA, plus GDPR, PCI, PHI, HIPAA, FERPA, SOC 1 & SOC 2, ISO 27001 and others.
The growing frequency and size of data breaches coupled with stringent regulations such as GDPR necessitate a new generation of sensitive data discovery tools that serve the data of today — both unstructured text and image data and structured data stored in Cloud object stores, NoSQL databases, Hadoop, and traditional relational databases. By tackling the growing data risk in an organization through a comprehensive opt-out security approach and ensuring compliance by making it easy and seamless for the end user, you will benefit from a win-win scenario.
References
Capone J, Take a new approach to data security: protect all of it. Retrieved from: https://www.csoonline.com/article/3261564/data-protection/take-a-new-approach-to-data-security-protect-all-of-it.html
BARC, KuppingerCole, Big Data and Information Security. Retrieved from: http://barc-research.com/research/big-data-and-information-security/
Rizkallah J, The Big (Unstructured) Data Problem. Retrieved from: Rizkallah J, The Big (Unstructured) Data Problem. Retrieved from: Rizkallah J, The Big (Unstructured) Data Problem. Retrieved from: Rizkallah J, The Big (Unstructured) Data Problem. Retrieved from: https://www.forbes.com/sites/forbestechcouncil/2017/06/05/the-big-unstructured-data-problem/#43fb375493a3
Symantec Data Sheet, Data Loss Prevention. Retrieved from: https://www.symantec.com/content/dam/symantec/docs/data-sheets/data-loss-prevention-solution-en.pdf
The Economist Intelligence Unit, Ascending cloud: The adoption of cloud computing in five industries. Retrieved from: https://eiuperspectives.economist.com/sites/default/files/EIU_AscendingcloudMBP_PDF_1.pdf
Columbus L, 83% Of Enterprise Workloads Will Be In The Cloud By 2020. Retrieved from: https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/#447aa036261a