Data is the most important asset for any organization and it’s their responsibility to keep it safe. That being said, in reality data breaches continue to be inevitable threats that organizations have to face from time to time. A data breach is when a consumer's personal data is compromised and lands in the hands of threat actors. The cause of a breach can be multifold such as malicious intent, employee neglect or many other reasons, but either way the breach will likely have a catastrophic impact on the organization if it’s not prevented ahead of time. This is where Sensitive Data Intelligence or SDI™ comes into play.
Sensitive Data Intelligence tools help organizations minimize the effect of data breaches by providing the following functionalities:
- Discovering and cataloging your data: To protect data effectively, organizations need to know exactly what types of data they have in native and shadow assets.
- Assess and prioritize data assets for protection: Use Data Risk scores to determine high-risk data assets in the organization. Determine if those high risk data assets contain unprotected data.
- Enforce Security Controls: Discover & centralize the security posture of all your multi-cloud data assets. Ensure Objects/Files containing PII are protected with encryption, no public access, audit logging, etc.
- Review and Revoke Access Privileges: Review access privileges on data assets and limit access to authorized users.
- Develop Compliance Reports: Most global privacy regulations require organizations to document any personal data breaches, populate discovered data elements into assets for up to date data maps and Article 30 reports & provide an accurate assessment of risk associated with data processing activities.
Amongst the plethora of tools provided by SDI vendors, Exact Data Match (EDM) is a critical tool in the data discovery stage. It helps discover business information and other targeted sensitive data in underlying structured or unstructured target data stores.
EDM is designed to help discover and secure consumer sensitive data such as MRN, bank account numbers and social security numbers by fingerprinting the actual data instead of leveraging pattern match techniques. This enables EDM based discovery to eliminate false positives and help customers focus on actual detections making it a very efficient tool for sensitive data discovery.
EDM-based data classification allows organizations to create customized Exact Data Profiles that can be matched to the exact values in a target structured or unstructured datastore containing this sensitive information. Securiti supports a elastic scalable indexing database that can be refreshed according to your needs and used on demand or during periodic discovery scan jobs. This makes it flexible and as employees, clients or patients come and go, your customized Exact Data Profiles remain current and up to date.
With Exact Data Match (EDM)-based classification, you can create custom Exact Data Profiles that are designed to:
- Easily refreshed and dynamic
- Scalable
- Produce Zero false-positives
- Discover from structured and unstructured datastores
- Cloud service compatible
- Sovereign / On-Premise service compatible
Let's take an example of healthcare data to see how EDM can help protect a consumer's sensitive information. In this example we assume that a healthcare provider needs to prevent the sharing of certain medical records that contains information on a specific patient. This data needs to be protected and the health care provider needs to ensure that this information isn’t sent to any external users. The organization configures an Exact Data Match (EDM) template and corresponding profile based on their patient records to do exact match lookup.
A patient EDM Exact Data Profile is configured to detect content which matches patient SSN or Patient ID, along with other patient information. After this data is discovered, regulations based policies can be implemented to restrict access to this information.
Exact data match configuration involves three key steps:
- Definition of an exact data template for fingerprinting the actual data
- Update sensitive content for Exact Match Lookup
- Create Exact Data Profiles for the sensitive type you want discovered
